(upbeat music) >> Hello, everyone and welcome back to fabulous Las Vegas, Nevada, where we are here on the show floor at AWS re:Invent. We are theCUBE. I am Savannah Peterson, joined with John Furrier. John, afternoon, day two, we are in full swing. >> Yes. >> What's got you most excited? >> Just got lunch, got the food kicking in. No, we don't get coffee. (Savannah laughing) >> Way to bring the hype there, John. >> No, there's so many people here just in Amazon. We're back to 2019 levels of crowd. The interest levels are high. Next gen, cloud security, big part of the keynote. This next segment, I am super excited about. CUBE Alumni, going back to 2013, 10 years ago he was on theCUBE. Now, 10 years later we're at re:Invent, looking forward to this guest and it's about security, great topic. >> I don't want to delay us anymore, please welcome Mark. Mark, thank you so much for being here with us. Massive day for you and the team. I know you oversee three different units at Amazon, Inspector, Detective, and the most recently announced, Security Lake. Tell us about Amazon Security Lake. >> Well, thanks Savannah. Thanks John for having me. Well, Security Lake has been in the works for a little bit of time and it got announced today at the keynote as you heard from Adam. We're super excited because there's a couple components that are really unique and valuable to our customers within Security Lake. First and foremost, the foundation of Security Lake is an open source project we call OCFS, Open Cybersecurity Framework Schema. And what that allows is us to work with the vendor community at large in the security space and develop a language where we can all communicate around security data. And that's the language that we put into Security Data Lake. We have 60 vendors participating in developing that language and partnering within Security Lake. But it's a communal lake where customers can bring all of their security data in one place, whether it's generated in AWS, they're on-prem, or SaaS offerings or other clouds, all in one location in a language that allows analytics to take advantage of that analytics and give better outcomes for our customers. >> So Adams Selipsky big keynote, he spent all the bulk of his time on data and security. Obviously they go well together, we've talked about this in the past on theCUBE. Data is part of security, but this security's a little bit different in the sense that the global footprint of AWS makes it uniquely positioned to manage some security threats, EKS protection, a very interesting announcement, runtime layer, but looking inside and outside the containers, probably gives extra telemetry on some of those supply chains vulnerabilities. This is actually a very nuanced point. You got Guard Duty kind of taking its role. What does it mean for customers 'cause there's a lot of things in this announcement that he didn't have time to go into detail. Unpack all the specifics around what the security announcement means for customers. >> Yeah, so we announced four items in Adam's keynote today within my team. So I'll start with Guard Duty for EKS runtime. It's complimenting our existing capabilities for EKS support. So today Inspector does vulnerability assessment on EKS or container images in general. Guard Duty does detections of EKS workloads based on log data. Detective does investigation and analysis based on that log data as well. With the announcement today, we go inside the container workloads. We have more telemetry, more fine grain telemetry and ultimately we can provide better detections for our customers to analyze risks within their container workload. So we're super excited about that one. Additionally, we announced Inspector for Lambda. So Inspector, we released last year at re:Invent and we focused mostly on EKS container workloads and EC2 workloads. Single click automatically assess your environment, start generating assessments around vulnerabilities. We've added Lambda to that capability for our customers. The third announcement we made was Macy sampling. So Macy has been around for a while in delivering a lot of value for customers providing information around their sensitive data within S3 buckets. What we found is many customers want to go and characterize all of the data in their buckets, but some just want to know is there any sensitive data in my bucket? And the sampling feature allows the customer to find out their sensitive data in the bucket, but we don't have to go through and do all of the analysis to tell you exactly what's in there. >> Unstructured and structured data. Any data? >> Correct, yeah. >> And the fourth? >> The fourth, Security Data Lake? (John and Savannah laughing) Yes. >> Okay, ocean theme. data lake. >> Very complimentary to all of our services, but the unique value in the data lake is that we put the information in the customer's control. It's in their S3 bucket, they get to decide who gets access to it. We've heard from customers over the years that really have two options around gathering large scale data for security analysis. One is we roll our own and we're security engineers, we're not data engineers. It's really hard for them to build these distributed systems at scale. The second one is we can pick a vendor or a partner, but we're locked in and it's in their schemer and their format and we're there for a long period of time. With Security Data Lake, they get the best of both worlds. We run the infrastructure at scale for them, put the data in their control and they get to decide what use case, what partner, what tool gives them the most value on top of their data. >> Is that always a good thing to give the customers too much control? 'Cause you know the old expression, you give 'em a knife they play with and they they can cut themselves, I mean. But no, seriously, 'cause what's the provisions around that? Because control was big part of the governance, how do you manage the security? How does the customer worry about, if I have too much control, someone makes a mistake? >> Well, what we finding out today is that many customers have realized that some of their data has been replicated seven times, 10 times, not necessarily maliciously, but because they have multiple vendors that utilize that data to give them different use cases and outcomes. It becomes costly and unwieldy to figure out where all that data is. So by centralizing it, the control is really around who has access to the data. Now, ultimately customers want to make those decisions and we've made it simple to aggregate this data in a single place. They can develop a home region if they want, where all the data flows into one region, they can distribute it globally. >> They're in charge. >> They're in charge. But the controls are mostly in the hands of the data governance person in the company, not the security analyst. >> So I'm really curious, you mentioned there's 60 AWS partner companies that have collaborated on the Security lake. Can you tell us a little bit about the process? How long does it take? Are people self-selecting to contribute to these projects? Are you cherry picking? What does that look like? >> It's a great question. There's three levels of collaboration. One is around the open source project that we announced at Black Hat early in this year called OCSF. And that collaboration is we've asked the vendor community to work with us to build a schema that is universally acceptable to security practitioners, not vendor specific and we've asked. >> Savannah: I'm sorry to interrupt you, but is this a first of its kind? >> There's multiple schemes out there developed by multiple parties. They've been around for multiple years, but they've been built by a single vendor. >> Yeah, that's what I'm drill in on a little bit. It sounds like the first we had this level of collaboration. >> There's been collaborations around them, but in a handful of companies. We've really gone to a broad set of collaborators to really get it right. And they're focused around areas of expertise that they have knowledge in. So the EDR vendors, they're focused around the scheme around EDR. The firewall vendors are focused around that area. Certainly the cloud vendors are in their scope. So that's level one of collaboration and that gets us the level playing field and the language in which we'll communicate. >> Savannah: Which is so important. >> Super foundational. Then the second area is around producers and subscribers. So many companies generate valuable security data from the tools that they run. And we call those producers the publishers and they publish the data into Security Lake within that OCSF format. Some of them are in the form of findings, many of them in the form of raw telemetry. Then the second one is in the subscriber side and those are usually analytic vendors, SIM vendors, XDR vendors that take advantage of the logs in one place and generate analytic driven outcomes on top of that, use cases, if you will, that highlight security risks or issues for customers. >> Savannah: Yeah, cool. >> What's the big customer focus when you start looking at Security Lakes? How do you see that planning out? You said there's a collaboration, love the open source vibe on that piece, what data goes in there? What's sharing? 'Cause a big part of the keynote I heard today was, I heard clean rooms, I've cut my antenna up. I'd love to hear that. That means there's an implied sharing aspect. The security industry's been sharing data for a while. What kind of data's in that lake? Give us an example, take us through. >> Well, this a number of sources within AWS, as customers run their workloads in AWS. We've identified somewhere around 25 sources that will be natively single click into Amazon Security Lake. We were announcing nine of them. They're traditional network logs, BBC flow, cloud trail logs, firewall logs, findings that are generated across AWS, EKS audit logs, RDS data logs. So anything that customers run workloads on will be available in data lake. But that's not limited to AWS. Customers run their environments hybridly, they have SaaS applications, they use other clouds in some instances. So it's open to bring all that data in. Customers can vector it all into this one single location if they decide, we make it pretty simple for them to do that. Again, in the same format where outcomes can be generated quickly and easily. >> Can you use the data lake off on premise or it has to be in an S3 in Amazon Cloud? >> Today it's in S3 in Amazon. If we hear customers looking to do something different, as you guys know, we tend to focus on our customers and what they want us to do, but they've been pretty happy about what we've decided to do in this first iteration. >> So we got a story about Silicon Angle. Obviously the ingestion is a big part of it. The reporters are jumping in, but the 53rd party sources is a pretty big number. Is that coming from the OCSF or is that just in general? Who's involved? >> Yeah, OCSF is the big part of that and we have a list of probably 50 more that want to join in part of this. >> The other big names are there, Cisco, CrowdStrike, Peloton Networks, all the big dogs are in there. >> All big partners of AWS, anyway, so it was an easy conversation and in most cases when we started having the conversation, they were like, "Wow, this has really been needed for a long time." And given our breadth of partners and where we sit from our customers perspective in the center of their cloud journey that they've looked at us and said, "You guys, we applaud you for driving this." >> So Mark, take us through the conversations you're having with the customers at re:Inforce. We saw a lot of meetings happening. It was great to be back face to face. You guys have been doing a lot of customer conversation, security Data Lake came out of that. What was the driving force behind it? What were some of the key concerns? What were the challenges and what's now the opportunity that's different? >> We heard from our customers in general. One, it's too hard for us to get all the data we need in a single place, whether through AWS, the industry in general, it's just too hard. We don't have those resources to data wrangle that data. We don't know how to pick schema. There's multiple ones out there. Tell us how we would do that. So these three challenges came out front and center for every customer. And mostly what they said is our resources are limited and we want to focus those resources on security outcomes and we have security engines. We don't want to focus them on data wrangling and large scale distributed systems. Can you help us solve that problem? And it came out loud and clear from almost every customer conversation we had. And that's where we took the challenge. We said, "Okay, let's build this data layer." And then on top of that we have services like Detective and Guard Duty, we'll take advantage of it as well. But we also have a myriad of ISV third parties that will also sit on top of that data and render out. >> What's interesting, I want to get your reaction. I know we don't have much time left, but I want to get your thoughts. When I see Security Data Lake, which is awesome by the way, love the focus, love how you guys put that together. It makes me realize the big thing in re:Invent this year is this idea of specialized solutions. You got instances for this and that, use cases that require certain kind of performance. You got the data pillars that Adam laid out. Are we going to start seeing more specialized data lakes? I mean, we have a video data lake. Is there going to be a FinTech data lake? Is there going to be, I mean, you got the Great Lakes kind of going on here, what is going on with these lakes? I mean, is that a trend that Amazon sees or customers are aligning to? >> Yeah, we have a couple lakes already. We have a healthcare lake and a financial lake and now we have a security lake. Foundationally we have Lake Formation, which is the tool that anyone can build a lake. And most of our lakes run on top of Lake Foundation, but specialize. And the specialization is in the data aggregation, normalization, enridgement, that is unique for those use cases. And I think you'll see more and more. >> John: So that's a feature, not a bug. >> It's a feature, it's a big feature. The customers have ask for it. >> So they want roll their own specialized, purpose-built data thing, lake? They can do it. >> And customer don't want to combine healthcare information with security information. They have different use cases and segmentation of the information that they care about. So I think you'll see more. Now, I also think that you'll see where there are adjacencies that those lakes will expand into other use cases in some cases too. >> And that's where the right tools comes in, as he was talking about this ETL zero, ETL feature. >> It be like an 80, 20 rule. So if 80% of the data is shared for different use cases, you can see how those lakes would expand to fulfill multiple use cases. >> All right, you think he's ready for the challenge? Look, we were on the same page. >> Okay, we have a new challenge, go ahead. >> So think of it as an Instagram Reel, sort of your hot take, your thought leadership moment, the clip we're going to come back to and reference your brilliance 10 years down the road. I mean, you've been a CUBE veteran, now CUBE alumni for almost 10 years, in just a few weeks it'll be that. What do you think is, and I suspect, I think I might know your answer to this, so feel free to be robust in this. But what do you think is the biggest story, key takeaway from the show this year? >> We're democratizing security data within Security Data Lake for sure. >> Well said, you are our shortest answer so far on theCUBE and I absolutely love and respect that. Mark, it has been a pleasure chatting with you and congratulations, again, on the huge announcement. This is such an exciting day for you all. >> Thank you Savannah, thank you John, pleasure to be here. >> John: Thank you, great to have you. >> We look forward to 10 more years of having you. >> Well, maybe we don't have to wait 10 years. (laughs) >> Well, more years, in another time. >> I have a feeling it'll be a lot of security content this year. >> Yeah, pretty hot theme >> Very hot theme. >> Pretty odd theme for us. >> Of course, re:Inforce will be there this year again, coming up 2023. >> All the res. >> Yep, all the res. >> Love that. >> We look forward to see you there. >> All right, thanks, Mark. >> Speaking of res, you're the reason we are here. Thank you all for tuning in to today's live coverage from AWS re:Invent. We are in Las Vegas, Nevada with John Furrier. My name is Savannah Peterson. We are theCUBE and we are the leading source for high tech coverage. (upbeat music)

>>Hello, everyone. Welcome to the AWS startup showcase. This is season two, episode four, the ongoing series covering exciting startups from the AWS ecosystem to talk about cybersecurity. I'm your host, John furrier. And today I'm excited for this keynote presentation and I'm joined by John Ramsey, vice president of AWS security, John, welcome to the cubes coverage of the startup community within AWS. And thanks for this keynote presentation, >>Happy to be here. >>So, John, what do you guys, what do you do at AWS? Take, take minutes to explain your role, cuz it's very comprehensive. We saw at AWS reinforce event recently in Boston, a broad coverage of topics from Steven Schmid CJ, a variety of the executives. What's your role in particular at AWS? >>If you look at AWS, there are, there is a shared security responsibility model and CJ, the C the CSO for AWS is responsible for securing the AWS portion of the shared security responsibility model. Our customers are responsible for securing their part of the shared security responsible, responsible model. For me, I provide services to those customers to help them secure their part of that model. And those services come in different different categories. The first category is threat detection with guard. We that does real time detection and alerting and detective is then used to investigate those alerts to determine if there is an incident vulnerability management, which is inspector, which looks for third party vulnerabilities and security hub, which looks for configuration vulnerabilities and then Macy, which does sensitive data discovery. So I have those sets of services underneath me to help provide, to help customers secure their part of their shared security responsibility model. >>Okay, well, thanks for the call out there. I want to get that out there because I think it's important to note that, you know, everyone talks inside out, outside in customer focus. 80 of us has always been customer focused. We've been covering you guys for a long time, but you do have to secure the core cloud that you provide and you got great infrastructure tools technology down to the, down to the chip level. So that's cool. You're on the customer side. And right now we're seeing from these startups that are serving them. We had interviewed here at the showcase. There's a huge security transformation going on within the security market. It's the plane at 35,000 feet. That's engines being pulled out and rechange, as they say, this is huge. And, and what, what's it take for your, at customers with the enterprises out there that are trying to be more cyber resilient from threats, but also at the same time, protect what they also got. They can't just do a wholesale change overnight. They gotta be, you know, reactive, but proactive. How does it, what, what do they need to do to be resilient? That's the >>Question? Yeah. So, so I, I think it's important to focus on spending your resources. Everyone has constrained security resources and you have to focus those resources in the areas and the ways that reduce the greatest amount of risk. So risk really can be summed up is assets that I have that are most valuable that have a vulnerability that a threat is going to attack in that world. Then you wanna mitigate the threat or mitigate the vulnerability to protect the asset. If you have an asset that's vulnerable, but a threat isn't going to attack, that's less risky, but that changes over time. The threat and vulnerability windows are continuously evolving as threats, developing trade craft as vulnerabilities are being discovered as new software is being released. So it's a continuous picture and it's an adaptive picture where you have to continuously monitor what's happening. You, if you like use the N framework cybersecurity framework, you identify what you have to protect. >>That's the asset parts. Then you have to protect it. That's putting controls in place so that you don't have an incident. Then you from a threat perspective, then you ha to de detect an incident or, or a breach or a, a compromise. And then you respond and then you remediate and you have to continuously do that cycle to be in a position to, to de to have cyber resiliency. And one of the powers of the cloud is if you're building your applications in a cloud native form, you, your ability to respond can be very surgical, which is very important because then you don't introduce risk when you're responding. And by design, the cloud was, is, is architected to be more resilient. So being able to stay cyber resilient in a cloud native architecture is, is important characteristic. >>Yeah. And I think that's, I mean, it sounds so easy. Just identify what's to be protected. You monitor it. You're protected. You remediate sounds easy, but there's a lot of change going on and you got the cloud scale. And so you got security, you got cloud, you guys's a lot of things going on there. How do you think about security and how does the cloud help customers? Because again, there's two things going on. There's a shared responsibility model. And at the end of the day, the customer's responsible on their side. That's right, right. So that's right. Cloud has some tools. How, how do you think about going about security and, and where cloud helps specifically? >>Yeah, so really it's about there, there's a model called observe, orient, decide an actor, the ULO and it was created by John Boyd. He was a fighter pilot in the Korean war. And he knew that if I could observe what the opponent is doing, orient myself to my goals and their goals, make a decision on what the next best action is, and then act, and then follow that UTI loop, or, or also said a sense sense, making, deciding, and acting. If I can do that faster than the, than the enemy, then I can, I will win every fight. So in the cyber world, being in a position where you are observing and that's where cloud can really help you, because you can interrogate the infrastructure, you can look at what's happening, you can build baselines from it. And then you can look at deviations from, from the norm. It's just one way to observe this orient yourself around. Does this represent something that increases risk? If it does, then what's the next best action that I need to take, make that decision and then act. And that's also where the cloud is really powerful, cuz there's this huge con control plane that lets you lets you enable or disable resources or reconfigure resources. And if you're in, in the, in the situation where you can continuously do that very, very rapidly, you can, you can outpace and out maneuver the adversary. >>Yeah. You know, I remember I interviewed Steven Schmidt in 2014 and at that time everybody was poo pooing. Oh man, the cloud is so unsecure. He made a statement to me and we wrote about this. The cloud is more secure and will be more secure because it can be complicated to the hacker, but also easy for the, for provisioning. So he kind of brought up this, this discussion around how cloud would be more secure turns out he's right. He was right now. People are saying, oh, the cloud's more secure than, than standalone. What's different John now than not even going back to 2014, just go back a few years. Cloud is helpful, is more interrogation. You mentioned, this is important. What's, what's changed in the cloud per se in AWS that enables customers and say third parties who are trying to comply and manage risk as well. So you have this shared back and forth. What's different in the cloud now than just a few years ago that that's helping security. >>Yeah. So if you look at the, the parts of the shared responsibility model, AWS is the further up the stack you go from just infrastructure to platforms, say containers up to serverless the, the, we are taking more of the responsibility of that, of that stack. And in the process, we are investing resources and capabilities. For example, guard duty takes an S audit feed for containers to be able to monitor what's happening from a container perspective. And then in server list, really the majority of what, what needs to be defended is, is part of our responsibility model. So that that's an important shift because in that world, we have a very large team in our world. We have a very large team who knows the infrastructure who knows the threat and who knows how to protect customers all the way up to the, to the, to the boundary. And so that, that's a really important consideration. When you think about how you design your design, your applications is you want the developers to focus on the business logic, the business value and let, but still, also the security of the code that they're writing, but let us take over the rest of it so that you don't have to worry about it. >>Great, good, good insight there. I want to get your thoughts too. On another trend here at the showcase, one of the things that's emerging besides the normal threat landscape and the compliance and whatnot is API protection. I mean APIs, that's what made the cloud great. Right? So, you know, and it's not going away, it's only gonna get better cuz we live in an interconnected digital world. So, you know, APIs are gonna be lingual Franko what they say here. Companies just can't sit back and expect third parties complying with cyber regulations and best practices. So how do security and organizations be proactive? Not just on API, it's just a, a signal in my mind of, of, of more connections. So you got shared responsibility, AWS, your customers and your customers, partners and customers of connection points. So we live in an interconnected world. How do security teams and organizations be proactive on the cyber risk management piece? >>Yeah. So when it comes to APIs, the, the thing you look for is the trust boundaries. Where are the trust boundaries in the system between the user and the, in the machine, the machine and another machine on the network, the API is a trust boundary. And it, it is a place where you need to facilitate some kind of some form of control because what you're, what could happen on the trust boundaries, it could be used to, to attack. Like I trust that someone's gonna give me something that is legitimate, but you don't know that that a actually is true. You should assume that the, the one side of the trust boundary is, is malicious and you have to validate it. And by default, make sure that you know, that what you're getting is actually trustworthy and, and valid. So think of an API is just a trust boundary and that whatever you're gonna receive at that boundary is not gonna be legitimate in that you need to validate, validate the contents of, of whatever you receive. >>You know, I was noticing online, I saw my land who runs S3 a us commenting about 10 years anniversary, 10, 10 year birthday of S3, Amazon simple storage service. A lot of the customers are using all their applications with S3 means it's file repository for their application, workflow ingesting literally thousands and trillions of objects from S3 today. You guys have about, I mean, trillions of objects on S3, this is big part of the application workflow. Data security has come up as a big discussion item. You got S3. I mean, forget about the misconfiguration about S3 buckets. That's kind of been reported on beyond that as application workflows, tap into S3 and data becomes the conversation around securing data. How do you talk to customers about that? Because that's also now part of the scaling of these modern cloud native applications, managing data on Preem cross in flight at rest in motion. What's your view on data security, John? >>Yeah. Data security is also a trust boundary. The thing that's going to access the data there, you have to validate it. The challenge with data security is, is customers don't really know where all their data is or even where their sensitive data is. And that continues to be a large problem. That's why we have services like Macy, which are whose job is to find in S3 the data that you need to protect the most because it's because it's sensitive. Getting the least privilege has always been the, the goal when it comes, when it comes to data security. The problem is, is least privilege is really, really hard to, to achieve because there's so many different common nations of roles and accounts and org orgs. And, and so there, there's also another technology called access analyzer that we have that helps customers figure out like this is this the right, if are my intended authorizations, the authorizations I have, are they the ones that are intended for that user? And you have to continuously review that as a, as a means to make sure that you're getting as close to least privilege as you possibly can. >>Well, one of the, the luxuries of having you here on the cube keynote for this showcase is that you also have the internal view at AWS, but also you have the external view with customers. So I have to ask you, as you talk to customers, obviously there's a lot of trends. We're seeing more managed services in areas where there's skill gaps, but teams are also overloaded too. We're hearing stories about security teams, overwhelmed by the solutions that they have to deploy quickly and scale up quickly cost effectively the need for in instrumentation. Sometimes it's intrusive. Sometimes it agentless sensors, OT. I mean, it's getting crazy at re Mars. We saw a bunch of stuff there. This is a reality, the teams aspect of it. Can you share your experiences and observations on how companies are organizing, how they're thinking about team formation, how they're thinking about all these new things coming at them, new environments, new scale choices. What, what do you seeing on, on the customer side relative to security team? Yeah. And their role and relationship to the cloud and, and the technologies. >>Yeah, yeah. A absolutely it. And we have to remember at the end of the day on one end of the wire is a black hat on the other end of the wire is a white hat. And so you need people and, and people are a critical component of being able to defend in the context of security operations alert. Fatigue is absolutely a problem. The, the alerts, the number of alerts, the volume of alerts is, is overwhelming. And so you have to have a means to effectively triage them and get the ones into investigation that, that you think will be the most, the, the most significant going back to the risk equation, you found, you find those alerts and events that are, are the ones that, that could harm you. The most. You'll also one common theme is threat hunting. And the concept behind threat hunting is, is I don't actually wait for an alert I lean in and I'm proactive instead of reactive. >>So I find the system that I at least want the hacker in. I go to that system and I look for any anomalies. I look for anything that might make me think that there is a, that there is a hacker there or a compromise or some unattended consequence. And the reason you do that is because it reduces your dwell time, time between you get compromised to the time detect something, which is you, which might be, you know, months, because there wasn't an alert trigger. So that that's also a very important aspect for, for AWS and our security services. We have a strategy across all of the security services that we call end to end, or how do we move from APIs? Because they're all API driven and security buyers generally not most do not ha have like a development team, like their security operators and they want a solution. And so we're moving more from APIs to outcomes. So how do we stitch all the services together in a way so that the time, the time that an analyst, the SOC analyst spends or someone doing investigation or someone doing incident response is the, is the most important time, most valuable time. And in the process of stitching this all together and helping our customers with alert, fatigue, we'll be doing things that will use sort of inference and machine learning to help prioritize the greatest risk for our customers. >>That's a great, that's a great call out. And that brings up the point of you get the frontline, so to speak and back office, front office kind of approach here. The threats are out there. There's a lot of leaning in, which is a great point. I think that's a good, good comment and insight there. The question I have for you is that everyone's kind of always talks about that, but there's the, the, I won't say boring, the important compliance aspect of things, you know, this has become huge, right? So there's a lot of blocking and tackling that's needed behind the scenes on the compliance side, as well as prevention, right? So can you take us through in your mind how customers are looking at the best strategies for compliance and security, because there's a lot of work you gotta get done and you gotta lay out everything as you mentioned, but compliance specifically to report is also a big thing for >>This. Yeah. Yeah. Compliance is interesting. I suggest taking a security approach to compliance instead of a compliance approach to security. If you're compliant, you may not be secure, but if you're secure, you'll be compliant. And the, the really interesting thing about compliance also is that as soon as something like a, a, a category of control is required in, in some form of compliance, compliance regime, the effectiveness of that control is reduced because the threats go well, I'm gonna presume that they have this control. I'm gonna presume cuz they're compliant. And so now I'm gonna change my tactic to evade the control. So if you only are ever following compliance, you're gonna miss a whole set of tactics that threats have developed because they presume you're compliant and you have those controls in place. So you wanna make sure you have something that's outside of the outside of the realm of compliance, because that's the thing that will trip them up. That's the thing that they're not expecting that threats not expecting and that that's what we'll be able to detect them. >>Yeah. And it almost becomes one of those things where it's his fault, right? So, you know, finger pointing with compliance, you get complacent. I can see that. Can you give an example? Cause I think that's probably something that people are really gonna want to know more about because it's common sense. But can you give an example of security driving compliance? Is there >>Yeah, sure. So there's there they're used just as an example, like multifactor authentication was used everywhere that for, for banks in high risk transactions, in real high risk transactions. And then that like that was a security approach to compliance. Like we said, that's a, that's a high net worth individual. We're gonna give them a token and that's how they're gonna authenticate. And there was no, no, the F F I C didn't say at the time that there needed to be multifactor authentication. And then after a period of time, when account takeover was, was on the rise, the F F I C the federally financial Institute examiner's council, something like that said, we, you need to do multifactor authentication. Multifactor authentication was now on every account. And then the threat went down to, okay, well, we're gonna do man in the browser attacks after the user authenticates, which now is a new tactic in that tactic for those high net worth individuals that had multifactor didn't exist before became commonplace. Yeah. And so that, that, that's a, that's an example of sort of the full life cycle and the important lesson there is that security controls. They have a diminishing halflife of effectiveness. They, they need to be continuous and adaptive or else the value of them is gonna decrease over time. >>Yeah. And I think that's a great call up because agility and speed is a big factor when he's merging threats. It's not a stable, mature hacker market. They're evolving too. All right. Great stuff. I know your time's very valuable, John. I really appreciate you coming on the queue. A couple more questions for you. We have 10 amazing startups here in the, a AWS ecosystem, all private looking grade performance wise, they're all got the kind of the same vibe of they're kind of on something new. They're doing something new and clever and different than what was, what was kind of done 10 years ago. And this is where the cloud advantage is coming in cloud scale. You mentioned that some of those things, data, so you start to see new things emerge. How, how would you talk to CSOs or CXOs that are watching about how to evaluate startups like these they're, they're, they're somewhat, still small relative to some of the bigger players, but they've got unique solutions and they're doing things a little bit differently. How should some, how should CSOs and Steve evaluate them? How can startups work with the CSOs? What's your advice to both the buyer and the startup to, to bring their product to the market. And what's the best way to do that? >>Yeah. So the first thing is when you talk to a CSO, be respected, be respectful of their time like that. Like, they'll appreciate that. I remember when I was very, when I just just started, I went to talk to one of the CISOs as one of the five major banks and he sat me down and he said, and I tried to tell him what I had. And he was like son. And he went through his book and he had, he had 10 of every, one thing that I had. And I realized that, and I, I was grateful for him giving me an explanation. And I said to him, I said, look, I'm sorry. I wasted your time. I will not do that again. I apologize. I, if I can't bring any value, I won't come back. But if I think I can bring you something of value now that I know what I know, please, will you take the meeting? >>He was like, of course. And so be respectful of their time. They know what the problem is. They know what the threat is. You be, be specific about how you're different right now. There is so much confusion in the market about what you do. Like if you're really have something that's differentiated, be very, very specific about it. And don't be afraid of it, like lean into it and explain the value to that. And that, that, that would, would save a, a lot of time and a lot and make the meeting more valuable for the CSO >>And the CISOs. Are they evaluate these startups? How should they look at them? What are some kind of markers that you would say would be good, kind of things to look for size of the team reviews technology, or is it doesn't matter? It's more of a everyone's environment's different. What >>Would your, yeah. And, you know, for me, I, I always look first to the security value. Cause if there isn't security value, nothing else matters. So there's gotta be some security value. Then I tend to look at the management team, quite frankly, what are, what are the, what are their experiences and what, what do they know that that has led them to do something different that is driving security value. And then after that, for me, I tend to look to, is this someone that I can have a long term relationship with? Is this someone that I can, you know, if I have a problem and I call them, are they gonna, you know, do this? Or are they gonna say, yes, we're in, we're in this together, we'll figure it out. And then finally, if, if for AWS, you know, scale is important. So we like to look at, at scale in terms of, is this a solution that I can, that I can, that I can get to, to the scale that I needed at >>Awesome. Awesome. John Ramsey, vice president of security here on the cubes. Keynote. John, thank you for your time. I really appreciate, I know how busy you are with that for the next minute, or so share a little bit of what you're up to. What's on your plate. What are you thinking about as you go out to the marketplace, talk to customers what's on your agenda. What's your talk track, put a plug in for what you're up to. >>Yeah. So for, for the services I have, we, we are, we are absolutely moving. As I mentioned earlier, from APIs to outcomes, we're moving up the stack to be able to defend both containers, as well as, as serverless we're, we're moving out in terms of we wanna get visibility and signal, not just from what we see in AWS, but from other places to inform how do we defend AWS? And then also across, across the N cybersecurity framework in terms of we're doing a lot of, we, we have amazing detection capability and we have this infrastructure that we could respond, do like micro responses to be able to, to interdict the threat. And so me moving across the N cybersecurity framework from detection to respond. >>All right, thanks for your insight and your time sharing in this keynote. We've got great 10 great, amazing startups. Congratulations for all your success at AWS. You guys doing a great job, shared responsibility that the threats are out there. The landscape is changing. The scale's increasing more data tsunamis coming every day, more integration, more interconnected, it's getting more complex. So you guys are doing a lot of great work there. Thanks for your time. Really appreciate >>It. Thank you, John. >>Okay. This is the AWS startup showcase. Season two, episode four of the ongoing series covering the exciting startups coming out of the, a AWS ecosystem. This episode's about cyber security and I'm your host, John furrier. Thanks for watching.

>>Hi everybody. This is Dave Volante. Welcome to this cube conversation where we're going to go back in time a little bit and explore the early days of Kubernetes. Talk about how it formed the improbable events, perhaps that led to it. And maybe how customers are taking advantage of containers and container orchestration today, and maybe where the industry is going. Matt Provo is here. He's the founder and CEO of storm forge and Chandler Huntington hoes. Hoisington is the general manager of EKS edge and hybrid AWS guys. Thanks for coming on. Good to see you. Thanks for having me. Thanks. So, Jenny, you were the vice president of engineering at miso sphere. Is that, is that correct? >>Well, uh, vice-president engineering basis, fear and then I ran product and engineering for DTQ masons. >>Yeah. Okay. Okay. So you were there in the early days of, of container orchestration and Matt, you, you were working at a S a S a Docker swarm shop, right? Yep. Okay. So I mean, a lot of people were, you know, using your platform was pretty novel at the time. Uh, it was, it was more sophisticated than what was happening with, with Kubernetes. Take us back. What was it like then? Did you guys, I mean, everybody was coming out. I remember there was, I think there was one Docker con and everybody was coming, the Kubernetes was announced, and then you guys were there, doc Docker swarm was, was announced and there were probably three or four other startups doing kind of container orchestration. And what, what were those days like? Yeah. >>Yeah. I wasn't actually atmosphere for those days, but I know them well, I know the story as well. Um, uh, I came right as we started to pivot towards Kubernetes there, but, um, it's a really interesting story. I mean, obviously they did a documentary on it and, uh, you know, people can watch that. It's pretty good. But, um, I think that, from my perspective, it was, it was really interesting how this happened. You had basically, uh, con you had this advent of containers coming out, right? So, so there's new novel technology and Solomon, and these folks started saying, Hey, you know, wait a second, wait if I put a UX around these couple of Linux features that got launched a couple of years ago, what does that look like? Oh, this is pretty cool. Um, so you have containers starting to crop up. And at the same time you had folks like ThoughtWorks and other kind of thought leaders in the space, uh, starting to talk about microservices and saying, Hey, monoliths are bad and you should break up these monoliths into smaller pieces. >>And any Greenfield application should be broken up into individuals, scalable units that a team can can own by themselves, and they can scale independent of each other. And you can write tests against them independently of other components. And you should break up these big, big mandalas. And now we are kind of going back to model this, but that's for another day. Um, so, so you had microservices coming out and then you also had containers coming out, same time. So there was like, oh, we need to put these microservices in something perfect. We'll put them in containers. And so at that point, you don't really, before that moment, you didn't really need container orchestration. You could just run a workload in a container and be done with it, right? You didn't need, you don't need Kubernetes to run Docker. Um, but all of a sudden you had tons and tons of containers and you had to manage these in some way. >>And so that's where container orchestration came, came from. And, and Ben Heineman, the founder of Mesa was actually helping schedule spark at the time at Berkeley. Um, and that was one of the first workloads with spark for Macy's. And then his friends at Twitter said, Hey, come over, can you help us do this with containers at Twitter? He said, okay. So when it helped them do it with containers at Twitter, and that's kinda how that branch of the container wars was started. And, um, you know, it was really, really great technology and it actually is still in production in a lot of shops today. Um, uh, more and more people are moving towards Kubernetes and Mesa sphere saw that trend. And at the end of the day, Mesa sphere was less concerned about, even though they named the company Mesa sphere, they were less concerned about helping customers with Mesa specifically. They really want to help customers with these distributed problems. And so it didn't make sense to, to just do Mesa. So they would took on Kubernetes as well. And I hope >>I don't do that. I remember, uh, my, my co-founder John furrier introduced me to Jerry Chen way back when Jerry is his first, uh, uh, VC investment with Greylock was Docker. And we were talking in these very, obviously very excited about it. And, and his Chandler was just saying, it said Solomon and the team simplified, you know, containers, you know, simple and brilliant. All right. So you guys saw the opportunity where you were Docker swarm shop. Why? Because you needed, you know, more sophisticated capabilities. Yeah. But then you, you switched why the switch, what was happening? What was the mindset back then? We ran >>And into some scale challenges in kind of operationalize or, or productizing our kind of our core machine learning. And, you know, we, we, we saw kind of the, the challenges, luckily a bit ahead of our time. And, um, we happen to have someone on the team that was also kind of moonlighting, uh, as one of the, the original core contributors to Kubernetes. And so as this sort of shift was taking place, um, we, we S we saw the flexibility, uh, of what was becoming Kubernetes. Um, and, uh, I'll never forget. I left on a Friday and came back on a Monday and we had lifted and shifted, uh, to Kubernetes. Uh, the challenge was, um, you know, you, at that time, you, you didn't have what you have today through EKS. And, uh, those kinds of services were, um, just getting that first cluster up and running was, was super, super difficult, even in a small environment. >>And so I remember we, you know, we, we finally got it up and running and it was like, nobody touch it, don't do anything. Uh, but obviously that doesn't, that doesn't scale either. And so that's really, you know, being kind of a data science focused shop at storm forge from the very beginning. And that's where our core IP is. Uh, our, our team looked at that problem. And then we looked at, okay, there are a bunch of parameters and ways that I can tune this application. And, uh, why are the configurations set the way that they are? And, you know, uh, is there room to explore? And that's really where, unfortunately, >>Because Mesa said much greater enterprise capabilities as the Docker swarm, at least they were heading in that direction, but you still saw that Kubernetes was, was attractive because even though it didn't have all the security features and enterprise features, because it was just so simple. I remember Jen Goldberg who was at Google at the time saying, no, we were focused on keeping it simple and we're going from mass adoption, but does that kind of what you said? >>Yeah. And we made a bet, honestly. Uh, we saw that the, uh, you know, the growing community was really starting to, you know, we had a little bit of an inside view because we had, we had someone that was very much in the, in the original part, but you also saw the, the tool chain itself start to, uh, start to come into place right. A little bit. And it's still hardening now, but, um, yeah, we, as any, uh, as any startup does, we, we made a pivot and we made a bet and, uh, this, this one paid off >>Well, it's interesting because, you know, we said at the time, I mean, you had, obviously Amazon invented the modern cloud. You know, Microsoft has the advantage of has got this huge software stays, Hey, just now run it into the cloud. Okay, great. So they had their entry point. Google didn't have an entry point. This is kind of a hail Mary against Amazon. And, and I, I wrote a piece, you know, the improbable, Verizon, who Kubernetes to become the O S you know, the cloud, but, but I asked, did it make sense for Google to do that? And it never made any money off of it, but I would argue they, they were kind of, they'd be irrelevant if they didn't have, they hadn't done that yet, but it didn't really hurt. It certainly didn't hurt Amazon EKS. And you do containers and your customers you've embraced it. Right. I mean, I, I don't know what it was like early days. I remember I've have talked to Amazon people about this. It's like, okay, we saw it and then talk to customers, what are they doing? Right. That's kind of what the mindset is, right? Yeah. >>That's, I, I, you know, I've, I've been at Amazon a couple of years now, and you hear the stories of all we're customer obsessed. We listened to our customers like, okay, okay. We have our company values, too. You get told them. And when you're, uh, when you get first hired in the first day, and you never really think about them again, but Amazon, that really is preached every day. It really is. Um, uh, and that we really do listen to our customers. So when customers start asking for communities, we said, okay, when we built it for them. So, I mean, it's, it's really that simple. Um, and, and we also, it's not as simple as just building them a Kubernetes service. Amazon has a big commitment now to start, you know, getting involved more in the community and working with folks like storm forage and, and really listening to customers and what they want. And they want us working with folks like storm florigen and that, and that's why we're doing things like this. So, well, >>It's interesting, because of course, everybody looks at the ecosystem, says, oh, Amazon's going to kill the ecosystem. And then we saw an article the other day in, um, I think it was CRN, did an article, great job by Amazon PR, but talk about snowflake and Amazon's relationship. And I've said many times snowflake probably drives more than any other ISV out there. And so, yeah, maybe the Redshift guys might not love snowflake, but Amazon in general, you know, they're doing great three things. And I remember Andy Jassy said to me, one time, look, we love the ecosystem. We need the ecosystem. They have to innovate too. If they don't, you know, keep pace, you know, they're going to be in trouble. So that's actually a healthy kind of a dynamic, I mean, as an ecosystem partner, how do you, >>Well, I'll go back to one thing without the work that Google did to open source Kubernetes, a storm forge wouldn't exist, but without the effort that AWS and, and EKS in particular, um, provides and opens up for, for developers to, to innovate and to continue, continue kind of operationalizing the shift to Kubernetes, um, you know, we wouldn't have nearly the opportunity that we do to actually listen to them as well, listen to the users and be able to say, w w w what do you want, right. Our entire reason for existence comes from asking users, like, how painful is this process? Uh, like how much confidence do you have in the, you know, out of the box, defaults that ship with your, you know, with your database or whatever it is. And, uh, and, and how much do you love, uh, manually tuning your application? >>And, and, uh, obviously nobody's said, I love that. And so I think as that ecosystem comes together and continues expanding, um, it's just, it opens up a huge opportunity, uh, not only for existing, you know, EKS and, uh, AWS users to continue innovating, but for companies like storm forge, to be able to provide that opportunity for them as well. And, and that's pretty powerful. So I think without a lot of the moves they've made, um, you know, th the door wouldn't be nearly as open for companies like, who are, you know, growing quickly, but are smaller to be able to, you know, to exist. >>Well, and I was saying earlier that, that you've, you're in, I wrote about this, you're going to get better capabilities. You're clearly seeing that cluster management we've talked about better, better automation, security, the whole shift left movement. Um, so obviously there's a lot of momentum right now for Kubernetes. When you think about bare metal servers and storage, and then you had VM virtualization, VMware really, and then containers, and then Kubernetes as another abstraction, I would expect we're not at the end of the road here. Uh, what's next? Is there another abstraction layer that you would think is coming? Yeah, >>I mean, w for awhile, it looked like, and I remember even with our like board members and some of our investors said, well, you know, well, what about serverless? And, you know, what's the next Kubernetes and nothing, we, as much as I love Kubernetes, um, which I do, and we do, um, nothing about what we particularly do. We are purpose built for Kubernetes, but from a core kind of machine learning and problem solving standpoint, um, we could apply this elsewhere, uh, if we went that direction and so time will tell what will be next, then there will be something, uh, you know, that will end up, you know, expanding beyond Kubernetes at some point. Um, but, you know, I think, um, without knowing what that is, you know, our job is to, to, to serve our, you know, to serve our customers and serve our users in the way that they are asking for that. >>Well, serverless obviously is exploding when you look again, and we tucked the ETR survey data, when you look at, at the services within Amazon and other cloud providers, you know, the functions off, off the charts. Uh, so that's kind of an interesting and notable now, of course, you've got Chandler, you've got edge in your title. You've got hybrid in, in your title. So, you know, this notion of the cloud expanding, it's not just a set of remote services, just only in the public cloud. Now it's, it's coming to on premises. You actually got Andy, Jesse, my head space. He said, one time we just look at it. The data centers is another edge location. Right. Okay. That's a way to look at it and then you've got edge. Um, so that cloud is expanding, isn't it? The definition of cloud is, is, is evolving. >>Yeah, that's right. I mean, customers one-on-one run workloads in lots of places. Um, and that's why we have things like, you know, local zones and wavelengths and outposts and EKS anywhere, um, EKS, distro, and obviously probably lots more things to come. And there's, I always think of like, Amazon's Kubernetes strategy on a manageability scale. We're on one far end of the spectrum, you have EKS distro, which is just a collection of the core Kubernetes packages. And you could, you could take those and stand them up yourself in a broom closet, in a, in a retail shop. And then on the other far in the spectrum, you have EKS far gate where you can just give us your container and we'll handle everything for you. Um, and then we kind of tried to solve everything in between for your data center and for the cloud. And so you can, you can really ask Amazon, I want you to manage my control plane. I want you to manage this much of my worker nodes, et cetera. And oh, I actually want help on prem. And so we're just trying to listen to customers and solve their problems where they're asking us to solve them. Cut, >>Go ahead. No, I would just add that in a more vertically focused, uh, kind of orientation for us. Like we, we believe that op you know, optimization capabilities should transcend the location itself. And, and, and so whether that's part public part, private cloud, you know, that's what I love part of what I love about EKS anywhere. Uh, it, you know, you shouldn't, you should still be able to achieve optimal results that connect to your business objectives, uh, wherever those workloads, uh, are, are living >>Well, don't wince. So John and I coined this term called Supercloud and people laugh about it, but it's different. It's, it's, you know, people talk about multi-cloud, but that was just really kind of vendor diversity. Right? I got to running here, I'm running their money anywhere. Uh, but, but individually, and so Supercloud is this concept of this abstraction layer that floats wherever you are, whether it's on prem, across clouds, and you're taking advantage of those native primitives, um, and then hiding that underlying complexity. And that's what, w re-invent the ecosystem was so excited and they didn't call it super cloud. We, we, we called it that, but they're clearly thinking differently about the value that they can add on top of Goldman Sachs. Right. That to me is an example of a Supercloud they're taking their on-prem data and their, their, their software tooling connecting it to AWS. They're running it on AWS, but they're, they're abstracting that complexity. And I think you're going to see a lot, a lot more of that. >>Yeah. So Kubernetes itself, in many cases is being abstracted away. Yeah. There's a disability of a disappearing act for Kubernetes. And I don't mean that in a, you know, in an, a, from an adoption standpoint, but, uh, you know, Kubernetes itself is increasingly being abstracted away, which I think is, is actually super interesting. Yeah. >>Um, communities doesn't really do anything for a company. Like we run Kubernetes, like, how does that help your bottom line? That at the end of the day, like companies don't care that they're running Kubernetes, they're trying to solve a problem, which is the, I need to be able to deploy my applications. I need to be able to scale them easily. I need to be able to update them easily. And those are the things they're trying to solve. So if you can give them some other way to do that, I'm sure you know, that that's what they want. It's not like, uh, you know, uh, a big bank is making more money because they're running Kubernetes. That's not, that's not the current, >>It gets subsumed. It's just become invisible. Right. Exactly. You guys back to the office yet. What's, uh, what's the situation, >>You know, I, I work for my house and I, you know, we go into the office a couple of times a week, so it's, it's, uh, yeah, it's, it's, it's a crazy time. It's a crazy time to be managing and hiring. And, um, you know, it's, it's, it's, it's definitely a challenge, but there's a lot of benefits of working home. I got two young kids, so I get to see them, uh, grow up a little bit more working, working out of my house. So it's >>Nice also. >>So we're in, even as a smaller startup, we're in 26, 27 states, uh, Canada, Germany, we've got a little bit of presence in Japan, so we're very much distributed. Um, we, uh, have not gone back and I'm not sure we will >>Permanently remote potentially. >>Yeah. I mean, w we made a, uh, pretty like for us, the timing of our series B funding, which was where we started hiring a lot, uh, was just before COVID started really picking up. So we, you know, thankfully made a, a pretty good strategic decision to say, we're going to go where the talent is. And yeah, it was harder to find for sure, especially in w we're competing, it's incredibly competitive. Uh, but yeah, we've, it was a good decision for us. Um, we are very about, you know, getting the teams together in person, you know, as often as possible and in the safest way possible, obviously. Um, but you know, it's been a, it's been a pretty interesting, uh, journey for us and something that I'm, I'm not sure I would, I would change to be honest with you. Yeah. >>Well, Frank Slootman, snowflakes HQ to Montana, and then can folks like Michael Dell saying, Hey, same thing as you, wherever they want to work, bring yourself and wherever you are as cool. And do you think that the hybrid mode for your team is kind of the, the, the operating mode for the, for the foreseeable future is a couple of, >>No, I think, I think there's a lot of benefits in both working from the office. I don't think you can deny like the face-to-face interactions. It feels good just doing this interview face to face. Right. And I can see your mouth move. So it's like, there's a lot of benefits to that, um, over a chime call or a zoom call or whatever, you know, that, that also has advantages, right. I mean, you can be more focused at home. And I think some version of hybrid is probably in the industry's future. I don't know what Amazon's exact plans are. That's above my pay grade, but, um, I know that like in general, the industry is definitely moving to some kind of hybrid model. And like Matt said, getting people I'm a big fan at Mesa sphere, we ran a very diverse, like remote workforce. We had a big office in Germany, but we'd get everybody together a couple of times a year for engineering week or, or something like this. And you'd get a hundred people, you know, just dedicated to spending time together at a hotel and, you know, Vegas or Hamburg or wherever. And it's a really good time. And I think that's a good model. >>Yeah. And I think just more ETR data, the current thinking now is that, uh, the hybrid is the number one sort of model, uh, 36% that the CIO is believe 36% of the workforce are going to be hybrid permanently is kind of their, their call a couple of days in a couple of days out. Um, and the, the percentage that is remote is significantly higher. It probably, you know, high twenties, whereas historically it's probably 15%. Yeah. So permanent changes. And that, that changes the infrastructure. You need to support it, the security models and everything, you know, how you communicate. So >>When COVID, you know, really started hitting and in 2020, um, the big banks for example, had to, I mean, you would want to talk about innovation and ability to, to shift quickly. Two of the bigger banks that have in, uh, in fact, adopted Kubernetes, uh, were able to shift pretty quickly, you know, systems and things that were, you know, historically, you know, it was in the office all the time. And some of that's obviously shifted back to a certain degree, but that ability, it was pretty remarkable actually to see that, uh, take place for some of the larger banks and others that are operating in super regulated environments. I mean, we saw that in government agencies and stuff as well. >>Well, without the cloud, no, this never would've happened. Yeah. >>And I think it's funny. I remember some of the more old school manager thing people are, aren't gonna work less when they're working from home, they're gonna be distracted. I think you're seeing the opposite where people are too much, they get burned out because you're just running your computer all day. And so I think that we're learning, I think everyone, the whole industry is learning. Like, what does it mean to work from home really? And, uh, it's, it's a fascinating thing is as a case study, we're all a part of right now. >>I was talking to my wife last night about this, and she's very thoughtful. And she w when she was in the workforce, she was at a PR firm and a guy came in a guest speaker and it might even be in the CEO of the company asking, you know, what, on average, what time who stays at the office until, you know, who leaves by five o'clock, you know, a few hands up, or who stays until like eight o'clock, you know, and enhancement. And then, so he, and he asked those people, like, why, why can't you get your work done in a, in an eight hour Workday? I go home. Why don't you go in? And I sit there. Well, that's interesting, you know, cause he's always looking at me like, why can't you do, you know, get it done? And I'm saying the world has changed. Yeah. It really has where people are just on all the time. I'm not sure it's sustainable, quite frankly. I mean, I think that we have to, you know, as organizations think about, and I see companies doing it, you guys probably do as well, you know, take a four day, you know, a week weekend, um, just for your head. Um, but it's, there's no playbook. >>Yeah. Like I said, we're a part of a case study. It's also hard because people are distributed now. So you have your meetings on the east coast, you can wake up at seven four, and then you have meetings on the west coast. You stay until seven o'clock therefore, so your day just stretches out. So you've got to manage this. And I think we're, I think we'll figure it out. I mean, we're good at figuring this stuff. >>There's a rise in asynchronous communication. So with things like slack and other tools, as, as helpful as they are in many cases, it's a, it, isn't always on mentality. And like, people look for that little green dot and you know, if you're on the you're online. So my kids, uh, you know, we have a term now for me, cause my office at home is upstairs and I'll come down. And if it's, if it's during the day, they'll say, oh dad, you're going for a walk and talk, you know, which is like, it was my way of getting away from the desk, getting away from zoom. And like, you know, even in Boston, uh, you know, getting outside, trying to at least, you know, get a little exercise or walk and get, you know, get my head away from the computer screen. Um, but even then it's often like, oh, I'll get a slack notification on my phone or someone will call me even if it's not a scheduled walk and talk. Um, uh, and so it is an interesting, >>A lot of ways to get in touch or productivity is presumably going to go through the roof. But now, all right, guys, I'll let you go. Thanks so much for coming to the cube. Really appreciate it. And thank you for watching this cube conversation. This is Dave Alante and we'll see you next time.

>> Announcer: From around the globe, it's theCUBE. With digital coverage of AWS re:Invent 2020. Special coverage sponsored by AWS global partner network. >> Okay, welcome back everyone to theCUBE virtual coverage of re:Invent 2020 virtual. Normally we're in person, this year because of the pandemic we're doing remote interviews and we've got a great coverage here of the APN, Amazon Partner Network experience. I'm your host John Furrier, we are theCUBE virtual. Got a great guest from Tel Aviv remotely calling in and videoing, Nimrod Vax, who is the chief product officer and co-founder of BigID. This is the beautiful thing about remote, you're in Tel Aviv, I'm in Palo Alto, great to see you. We're not in person but thanks for coming on. >> Thank you. Great to see you as well. >> So you guys have had a lot of success at BigID, I've noticed a lot of awards, startup to watch, company to watch, kind of a good market opportunity data, data at scale, identification, as the web evolves beyond web presence identification, authentication is super important. You guys are called BigID. What's the purpose of the company? Why do you exist? What's the value proposition? >> So first of all, best startup to work at based on Glassdoor worldwide, so that's a big achievement too. So look, four years ago we started BigID when we realized that there is a gap in the market between the new demands from organizations in terms of how to protect their personal and sensitive information that they collect about their customers, their employees. The regulations were becoming more strict but the tools that were out there, to the large extent still are there, were not providing to those requirements and organizations have to deal with some of those challenges in manual processes, right? For example, the right to be forgotten. Organizations need to be able to find and delete a person's data if they want to be deleted. That's based on GDPR and later on even CCPA. And organizations have no way of doing it because the tools that were available could not tell them whose data it is that they found. The tools were very siloed. They were looking at either unstructured data and file shares or windows and so forth, or they were looking at databases, there was nothing for Big Data, there was nothing for cloud business applications. And so we identified that there is a gap here and we addressed it by building BigID basically to address those challenges. >> That's great, great stuff. And I remember four years ago when I was banging on the table and saying, you know regulation can stunt innovation because you had the confluence of massive platform shifts combined with the business pressure from society. That's not stopping and it's continuing today. You seeing it globally, whether it's fake news in journalism, to privacy concerns where modern applications, this is not going away. You guys have a great market opportunity. What is the product? What is smallID? What do you guys got right now? How do customers maintain the success as the ground continues to shift under them as platforms become more prevalent, more tools, more platforms, more everything? >> So, I'll start with BigID. What is BigID? So BigID really helps organizations better manage and protect the data that they own. And it does that by connecting to everything you have around structured databases and unstructured file shares, big data, cloud storage, business applications and then providing very deep insight into that data. Cataloging all the data, so you know what data you have where and classifying it so you know what type of data you have. Plus you're analyzing the data to find similar and duplicate data and then correlating them to an identity. Very strong, very broad solution fit for IT organization. We have some of the largest organizations out there, the biggest retailers, the biggest financial services organizations, manufacturing and et cetera. What we are seeing is that there are, with the adoption of cloud and business success obviously of AWS, that there are a lot of organizations that are not as big, that don't have an IT organization, that have a very well functioning DevOps organization but still have a very big footprint in Amazon and in other kind of cloud services. And they want to get visibility and they want to do it quickly. And the SmallID is really built for that. SmallID is a lightweight version of BigID that is cloud-native built for your AWS environment. And what it means is that you can quickly install it using CloudFormation templates straight from the AWS marketplace. Quickly stand up an environment that can scan, discover your assets in your account automatically and give you immediate visibility into that, your S3 bucket, into your DynamoDB environments, into your EMR clusters, into your Athena databases and immediately building a full catalog of all the data, so you know what files you have where, you know where what tables, what technical metadata, operational metadata, business metadata and also classified data information. So you know where you have sensitive information and you can immediately address that and apply controls to that information. >> So this is data discovery. So the use case is, I'm an Amazon partner, I mean we use theCUBE virtuals on Amazon, but let's just say hypothetically, we're growing like crazy. Got S3 buckets over here secure, encrypted and the rest, all that stuff. Things are happening, we're growing like a weed. Do we just deploy smallIDs and how it works? Is that use cases, SmallID is for AWS and BigID for everything else or? >> You can start small with SmallID, you get the visibility you need, you can leverage the automation of AWS so that you automatically discover those data sources, connect to them and get visibility. And you could grow into BigID using the same deployment inside AWS. You don't have to switch migrate and you use the same container cluster that is running inside your account and automatically scale it up and then connect to other systems or benefit from the more advanced capabilities the BigID can offer such as correlation, by connecting to maybe your Salesforce, CRM system and getting the ability to correlate to your customer data and understand also whose data it is that you're storing. Connecting to your on-premise mainframe, with the same deployment connecting to your Google Drive or office 365. But the point is that with the smallID you can really start quickly, small with a very small team and get that visibility very quickly. >> Nimrod, I want to ask you a question. What is the definition of cloud native data discovery? What does that mean to you? >> So cloud native means that it leverages all the benefits of the cloud. Like it gets all of the automation and visibility that you get in a cloud environment versus any traditional on-prem environment. So one thing is that BigID is installed directly from your marketplace. So you could browse, find its solution on the AWS marketplace and purchase it. It gets deployed using CloudFormation templates very easily and very quickly. It runs on a elastic container service so that once it runs you can automatically scale it up and down to increase the scan and the scale capabilities of the solution. It connects automatically behind the scenes into the security hub of AWS. So you get those alerts, the policy alerts fed into your security hub. It has integration also directly into the native logging capabilities of AWS. So your existing Datadog or whatever you're using for monitoring can plug into it automatically. That's what we mean by cloud native. >> And if you're cloud native you got to be positioned to take advantage of the data and machine learning in particular. Can you expand on the role of machine learning in your solution? Customers are leaning in heavily this year, you're seeing more uptake on machine learning which is basically AI, AI is machine learning, but it's all tied together. ML is big on all the deployments. Can you share your thoughts? >> Yeah, absolutely. So data discovery is a very tough problem and it has been around for 20 years. And the traditional methods of classifying the data or understanding what type of data you have has been, you're looking at the pattern of the data. Typically regular expressions or types of kind of pattern-matching techniques that look at the data. But sometimes in order to know what is personal or what is sensitive it's not enough to look at the pattern of the data. How do you distinguish between a date of birth and any other date. Date of birth is much more sensitive. How do you find country of residency or how do you identify even a first name from the last name? So for that, you need more advanced, more sophisticated capabilities that go beyond just pattern matching. And BigID has a variety of those techniques, we call that discovery-in-depth. What it means is that very similar to security-in-depth where you can not rely on a single security control to protect your environment, you can not rely on a single discovery method to truly classify the data. So yes, we have regular expression, that's the table state basic capability of data classification but if you want to find data that is more contextual like a first name, last name, even a phone number and distinguish between a phone number and just a sequence of numbers, you need more contextual NLP based discovery, name entity recognition. We're using (indistinct) to extract and find data contextually. We also apply deep learning, CNN capable, it's called CNN, which is basically deep learning in order to identify and classify document types. Which is basically being able to distinguish between a resume and a application form. Finding financial records, finding medical records. So RA are advanced NLP classifiers can find that type of data. The more advanced capabilities that go beyond the smallID into BigID also include cluster analysis which is an unsupervised machine learning method of finding duplicate and similar data correlation and other techniques that are more contextual and need to use machine learning for that. >> Yeah, and unsupervised that's a lot harder than supervised. You need to have that ability to get that what you can't see. You got to get the blind spots identified and that's really the key observational data you need. This brings up the kind of operational you heard cluster, I hear governance security you mentioned earlier GDPR, this is an operational impact. Can you talk about how it impacts on specifically on the privacy protection and governance side because certainly I get the clustering side of it, operationally just great. Everyone needs to get that. But now on the business model side, this is where people are spending a lot of time scared and worried actually. What the hell to do? >> One of the things that we realized very early on when we started with BigID is that everybody needs a discovery. You need discovery and we actually started with privacy. You need discovery in route to map your data and apply the privacy controls. You need discovery for security, like we said, right? Find and identify sensitive data and apply controls. And you also need discovery for data enablement. You want to discover the data, you want to enable it, to govern it, to make it accessible to the other parts of your business. So discovery is really a foundation and starting point and that you get there with smallID. How do you operationalize that? So BigID has the concept of an application framework. Think about it like an Apple store for data discovery where you can run applications inside your kind of discovery iPhone in order to run specific (indistinct) use cases. So, how do you operationalize privacy use cases? We have applications for privacy use cases like subject access requests and data rights fulfillment, right? Under the CCPA, you have the right to request your data, what data is being stored about you. BigID can help you find all that data in the catalog that after we scan and find that information we can find any individual data. We have an application also in the privacy space for consent governance right under CCP. And you have the right to opt out. If you opt out, your data cannot be sold, cannot be used. How do you enforce that? How do you make sure that if someone opted out, that person's data is not being pumped into Glue, into some other system for analytics, into Redshift or Snowflake? BigID can identify a specific person's data and make sure that it's not being used for analytics and alert if there is a violation. So that's just an example of how you operationalize this knowledge for privacy. And we have more examples also for data enablement and data management. >> There's so much headroom opportunity to build out new functionality, make it programmable. I really appreciate what you guys are doing, totally needed in the industry. I could just see endless opportunities to make this operationally scalable, more programmable, once you kind of get the foundation out there. So congratulations, Nimrod and the whole team. The question I want to ask you, we're here at re:Invent's virtual, three weeks we're here covering Cube action, check out theCUBE experience zone, the partner experience. What is the difference between BigID and say Amazon's Macy? Let's think about that. So how do you compare and contrast, in Amazon they say we love partnering, but we promote our ecosystem. You guys sure have a similar thing. What's the difference? >> There's a big difference. Yes, there is some overlap because both a smallID and Macy can classify data in S3 buckets. And Macy does a pretty good job at it, right? I'm not arguing about it. But smallID is not only about scanning for sensitive data in S3. It also scans anything else you have in your AWS environment, like DynamoDB, like EMR, like Athena. We're also adding Redshift soon, Glue and other rare data sources as well. And it's not only about identifying and alerting on sensitive data, it's about building full catalog (indistinct) It's about giving you almost like a full registry of your data in AWS, where you can look up any type of data and see where it's found across structured, unstructured big data repositories that you're handling inside your AWS environment. So it's broader than just for security. Apart from the fact that they're used for privacy, I would say the biggest value of it is by building that catalog and making it accessible for data enablement, enabling your data across the board for other use cases, for analytics in Redshift, for Glue, for data integrations, for various other purposes. We have also integration into Kinesis to be able to scan and let you know which topics, use what type of data. So it's really a very, very robust full-blown catalog of the data that across the board that is dynamic. And also like you mentioned, accessible to APIs. Very much like the AWS tradition. >> Yeah, great stuff. I got to ask you a question while you're here. You're the co-founder and again congratulations on your success. Also the chief product officer of BigID, what's your advice to your colleagues and potentially new friends out there that are watching here? And let's take it from the entrepreneurial perspective. I have an application and I start growing and maybe I have funding, maybe I take a more pragmatic approach versus raising billions of dollars. But as you grow the pressure for AppSec reviews, having all the table stakes features, how do you advise developers or entrepreneurs or even business people, small medium-sized enterprises to prepare? Is there a way, is there a playbook to say, rather than looking back saying, oh, I didn't do with all the things I got to go back and retrofit, get BigID. Is there a playbook that you see that will help companies so they don't get killed with AppSec reviews and privacy compliance reviews? Could be a waste of time. What's your thoughts on all this? >> Well, I think that very early on when we started BigID, and that was our perspective is that we knew that we are a security and privacy company. So we had to take that very seriously upfront and be prepared. Security cannot be an afterthought. It's something that needs to be built in. And from day one we have taken all of the steps that were needed in order to make sure that what we're building is robust and secure. And that includes, obviously applying all of the code and CI/CD tools that are available for testing your code, whether it's (indistinct), these type of tools. Applying and providing, penetration testing and working with best in line kind of pen testing companies and white hat hackers that would look at your code. These are kind of the things that, that's what you get funding for, right? >> Yeah. >> And you need to take advantage of that and use them. And then as soon as we got bigger, we also invested in a very, kind of a very strong CSO that comes from the industry that has a lot of expertise and a lot of credibility. We also have kind of CSO group. So, each step of funding we've used extensively also to make RM kind of security poster a lot more robust and invisible. >> Final question for you. When should someone buy BigID? When should they engage? Is it something that people can just download immediately and integrate? Do you have to have, is the go-to-market kind of a new target the VP level or is it the... How does someone know when to buy you and download it and use the software? Take us through the use case of how customers engage with. >> Yeah, so customers directly have those requirements when they start hitting and having to comply with regulations around privacy and security. So very early on, especially organizations that deal with consumer information, get to a point where they need to be accountable for the data that they store about their customers and they want to be able to know their data and provide the privacy controls they need to their consumers. For our BigID product this typically is a kind of a medium size and up company, and with an IT organization. For smallID, this is a good fit for companies that are much smaller, that operate mostly out of their, their IT is basically their DevOps teams. And once they have more than 10, 20 data sources in AWS, that's where they start losing count of the data that they have and they need to get more visibility and be able to control what data is being stored there. Because very quickly you start losing count of data information, even for an organization like BigID, which isn't a bigger organization, right? We have 200 employees. We are at the point where it's hard to keep track and keep control of all the data that is being stored in all of the different data sources, right? In AWS, in Google Drive, in some of our other sources, right? And that's the point where you need to start thinking about having that visibility. >> Yeah, like all growth plan, dream big, start small and get big. And I think that's a nice pathway. So small gets you going and you lead right into the BigID. Great stuff. Final, final question for you while I gatchu here. Why the awards? Someone's like, hey, BigID is this cool company, love the founder, love the team, love the value proposition, makes a lot of sense. Why all the awards? >> Look, I think one of the things that was compelling about BigID from the beginning is that we did things differently. Our whole approach for personal data discovery is unique. And instead of looking at the data, we started by looking at the identities, the people and finally looking at their data, learning how their data looks like and then searching for that information. So that was a very different approach to the traditional approach of data discovery. And we continue to innovate and to look at those problems from a different perspective so we can offer our customers an alternative to what was done in the past. It's not saying that we don't do the basic stuffs. The Reg X is the connectivity that that is needed. But we always took a slightly different approach to diversify, to offer something slightly different and more comprehensive. And I think that was the thing that really attracted us from the beginning with the RSA Innovation Sandbox award that we won in 2018, the Gartner Cool Vendor award that we received. And later on also the other awards. And I think that's the unique aspect of BigID. >> You know you solve big problems than certainly as needed. We saw this early on and again I don't think that the problem is going to go away anytime soon, platforms are emerging, more tools than ever before that converge into platforms and as the logic changes at the top all of that's moving onto the underground. So, congratulations, great insight. >> Thank you very much. >> Thank you. Thank you for coming on theCUBE. Appreciate it Nimrod. Okay, I'm John Furrier. We are theCUBE virtual here for the partner experience APN virtual. Thanks for watching. (gentle music)

>> From the Silicon Angle Media office, in Boston Massachusetts, it's the Cube. Now, here's your host, Dave Vellante. >> Hi everybody, welcome to this Cube Conversation here in our studios, outside of Boston. My name is Dave Vellante. I'm here with Matt Carroll, who's the CEO of Immuta. Matt, good to see ya. >> Good, nice to have me on. >> So we're going to talk about governance, how to automate governance, data privacy, but let me start with Immuta. What is Immuta, why did you guys start this company? >> Yeah, Immuta is an automated data governance platform. We started this company back in 2014 because we saw a gap in the market to be able to control data. What's happened in the market as changes is that every enterprise wants to leverage their data. Data's the new app. But, governments want to regulate it and consumers want to protect it. These were at odds with one another, so we saw a need of creating a platform that could meet the needs of everyone. To democratize access to data and in the enterprise, but at the same time, provide the necessary controls on the data to enforce any regulation, and ensure that there was transparency as to who is using it and why. >> So let's unpack that a little bit. Just try to dig into the problem here. So we all know about the data explosion, of course, and I often say data used to be a liability, now it's turned into an asset. People used to say get rid of the data, now everybody wants to mine it, and they want to take advantage of it, but that causes privacy concerns for individuals. We've seen this with Facebook and many others. Regulations now come into play, GDPR, different states applying different regulations, so you have all these competing forces. The business guys just want to go and get out to the market, but then the lawyers and the compliance officers and others. So are you attacking that problem? Maybe you could describe that problem a little further and talk about how you guys... >> Yeah, absolutely. As you described, there's over 150 privacy regulations being proposed over 25 states, just in 2019 alone. GDPR has created or opened the flood gates if you will, for people to start thinking about how do we want to insert our values into data? How should people use it? And so, the challenge now is, you're right, your most sensitive data in an enterprise is most likely going to give you the most insight into driving your business forward, creating new revenue channels, and be able to optimize your operational expenses. But the challenge is that consumers have awoken to, we're not exactly sure we're okay with that, right? We signed a YULU with you to just use our data for marketing, but now you're using it for other revenue channels? Why? And so, where Immuta is trying to play in there is how do we give the line of business the ability to access that instantaneously? But also give the CISO, the Chief Information Security Officer, and the governance seems the ability to take control back. So it's a delicate balance between speed and safety. And I think what's really happening in the market is we used to think about security from building firewalls, we invested in physical security controls around managing external adversaries from stealing our data. But now it's not necessarily someone trying to steal it, it's just potentially misusing it by accident in the enterprise. And the CISO is having to step in and provide that level of control. And it's also the collision of the cloud and these privacy regulations. Cause now, we have data everywhere, it's not just in our firewalls. And that's the big challenge. That's the opportunity at hand, democratization of data in the enterprise. The problem is data's not all in the enterprise. Data's in the cloud, data's in SaaS, data's in the infrastructure. >> It's distributed by it's very nature. All right, so there's a lot of things I want to follow up on. So first, there's GDPR. When GDPR came out of course, it was May of 2018 I think. It went into effect. It actually came out in 2017, but the penalties didn't take effect till '18. And I thought, okay, maybe this can be a framework for governments around the world and states. It sounds like yeah sort of, but not really. Maybe there's elements of GDPR that people are adopting, but then it sounds like they're putting in their own twists, which is going to be a nightmare for companies. So, are you not seeing a sort of, GDPR becoming this global standard? It sounds like, no. >> I don't think it's going to be necessarily global standard, but I do think the spirit of the GDPR, and at the core of it is, why are you using my data? What was the purpose? So traditionally, when we think about using data, we think about all right, who's the user, and what authorizations do they have, right? But now, there's a third question. Sure, you're authorized to see this data, depending on your role or organization right? But why are you using it? Are you using it for certain business use? Are you using it for personal use? Why are you using this? That's the spirit of GDPR that everyone is adopting across the board. And then of course, each state, or each federal organization is thinking about their unique lens on it, right? And so you're right. This is going to be incredibly complex. And the amount of policies being enforced at query time. I'm in my favorite, let's just say I'm in Tableau or Looker right? I'm just some simple analyst, I'm a young kid, I'm 22, my first job right? And I'm running these queries, I don't know where the data is, right? I don't know what I'm combining. And what we found is on average in these large enterprises, any query at any moment in time, might have over 500 thousand policies that need to be enforced in real time. >> Wow. >> And it's only getting worse. We have to automate it. No human can handle all those edge cases. We have to automate. >> So, I want to get into how you guys actually do that. Before I do, there seems to be... There's a lot of confusion in the marketplace. Take the word data management, data protection. All the backup guys are using that term, the database guys use that term, GOC folks use that term, so there's a lot of confusion there. You have all these adjacent markets coming together. You've got the whole governance risk and compliance space, you've got cyber security, there's privacy concerns, which is kind of two sides of the same coin. How do you see these adjacencies coming together? It seems like you sit in the middle of all that. >> Yeah, welcome to why my marketing budget is getting bigger and bigger. The challenge we're facing now is I think, who owns the problem right? The Chief Data Officer is taking on a much larger role in these organizations, the CISO is taking a much more larger role in reporting up to the board. You have the line of business who now is almost self-sustaining, they don't have to depend on IT as much any longer because of the cloud and because of the new compute layers to make it easier. So who owns it? At the end of the day, where we see it is we think there's a next generation of cyber tools that are coming out. We think that the CISO has to own this. And the reason is that the CISO's job is to protect the enterprise from cyber risk. And at the core of cyber risk is data. And they must own the data problem. The CDO must find the data, and explain what that data is, and make sure it's quality, but it is the CISO that must protect the enterprise from these threats. And so, I see us as part of this next wave of cyber tools that are coming out. There's other companies that are equally in our stratosphere, like BigID, we're seeing AWS with Macy doing sensitive data discovery, Google has their data loss prevention service. So the cloud players are starting to see, hey, we've got to identify sensitive data. There's other startups that are saying hey, we got to identify and catalog sensitive data. And for us, we're saying hey, we need to be able to consume all that cataloging, understand what's sensitive, and automatically apply policies to ensure that any regulation in that environment is met. >> I want to ask you about the cloud too. So much to talk to you about here, Matt. So, I also wanted to get your perspective on variances within industries. So you mentioned Chief Data Officers. The ascendancy of the Chief Data Officers started in financial services, healthcare, and government where we had highly regulation industries. And now it's sort of seeped into more commercial. But it terms of those regulated industries, take healthcare for example. There are specific nuances. Can you talk about what you're seeing in terms of industry variance. >> Yeah, it's a great point. Starting with like, healthcare. What does it mean to be HIPPA compliant anymore? There are different types of devices now where I can point it at your heartbeat from a distance away and I can have 99 percent accuracy of identifying you, right? It takes three data points in any data set to identify 87 percent of US citizens. If I have your age, sex, location, I can identify you. So, what does it mean anymore to be HIPPA compliant? So the challenge is how do we build guarantees of trust that we've de-identified these DESA's, cause we have to use it, right? No one's going to go into a hospital and say, "You know what, I don't want you to say my life. "Cause I want my data protected," right? No one's ever going to say that. So the challenges we face now across these regulated industries is the most sensitive data sets are critical for those businesses to operate. So there has to be a compromise. So, what we're trying to do in these organizations is help them leverage their data and build levels of proportionality, to access that right? So, the key isn't to stop people from using data. The key is to build the controls necessary to leverage a small bit of the data. Let's just say, we've made it indistinguishable. You can only ask Agriculture and Statistics the question. Well, you know what, we actually found some really interesting things there, we need to be a little bit more useful, it's this trade-off between privacy and utility. It's a pendulum that swings back and forth. As someone proves I need more of this, you can swing it, or just mask it. I need more of it? All right, we'll just redact some of the certain things. Nope, this is really important, it's going to save someone's life. Okay, completely unmasked, you have the raw data. But it's that control that's necessary in these environments, that's what's missing. You know, we came out of the US Intelligence community. We understood this better than anyone. Because highly regulated, very sensitive data, but we knew we needed the ability to rapidly control. Well is this just a hunch, or is this a 9-11 event? And you need the ability to switch like that. That's the difference and so, healthcare is going through a change of, we have all these new algorithms. Like Facebook the other day said, hey, we have machine learning algorithms that can look at MRI scans, and we're going to be better than anyone in the world at identifying these. Do you feel good about giving your data to Facebook? I don't know, but we can maybe provide guaranteed anonymization to them, to prove to the world they're going to do right. That's where we have to get to. >> Well, this is huge, especially for the consumer, cause you just gave several examples. Facebook's going to know a lot about me, a mobile device, a Fit Bit, and yet, if I want to get access to my own medical records, it's like Fort Knox to try to get, please, give this to my insurance company. You know, you got to go through all these forms. So, you've got those diverging objectives and so, as a consumer, I want to be able to trust that when I say yes you can use it, go, and I can get access to it, and other can get access to it. I want to understand exactly what it is that you guys do, what you sell. Is it software, is it SAS, and then let's get into how it works. So what is it? >> Yeah, so we're a software platform. We deploy into any infrastructure, but it is not multi-tenant so, we can deploy on any cloud, or on premises for any customer, and we do that with customers across the world. But if you think about at the core of what is Immuta, think of Immuta as a system of record for the CISO or the line of business where I can connect to any data, on any infrastructure, on any compute layer, and we connect into over 61 different storage platforms. We then have built a UI where lawyers... We actually have three lawyers as employees that act as product managers to help any lawyer of any stature take what's on paper, these regulations, these rules and policies, and they digitize it essentially, in active code. So they can build any policy they want on any data in the ecosystem, in the enterprise, and enforce it globally without having to write any code. And then because we're this plane where you can connect any tool to this data, and enforce any regulation because we're the man in the middle, we can audit who is using what data and why. In every action, in any change in policy. So, if you think about it, it's connect any tool to any data, control it, any regulation, and prove compliance in a court of law. >> So you can set the policy at the data set level? >> Correct. >> And so, how does one do that? Can you automate that on the creation of that data set? I mean you've got you know, dependencies. How does that all work? >> Yeah, what's a really interesting part of our secret sauce is that one, we could do that at the column level, we can do it at the row level, we can do it at the cell level. >> So very granular. >> Very, very granular. This is something again, we learned from the US Intelligence community, that we have to have very fine grained access to every little bit of the data. The reason is that, especially in the age of data, is people are going to combine many data sets together. The challenge isn't enforcing the policy on a static data set, the challenge is enforcing the policy across three data sets where you merge three pieces of data together, who have conflicting policies. What do you do then? That's the beauty of our system. We deal with that policy inheritance, we manage that lineage of the policy, and can tell you here's what the policy will be. >> In other words, you can manage to the highest common denominator as an example. >> Or we can automate it to the lowest common denominator, where you can work in projects together recognizing hey, we're going to bring someone into the project that's not going to have the level of access. Everyone else will automatically change it to the lowest common denominator. But then you share that work with another team and it'll automatically be brought to the highest common denominator. And we've built all these work flows in. That was what was missing and that's why I call it a system of record. It's really a symbiotic relationship between IT, the data owner, governance, the CISO, who are trying to protect the data, and the consumer, and all they want to do is access the data as fast as possible to make better, more informed decisions. >> So the other mega-trend you have is obviously, the super power of machine intelligence, or artificial intelligence, and then you've got edge devices and machine to machine communication, where it's just an explosion of IP addresses and data, and so, it sounds like you guys can attack that problem as well. >> Any of this data coming in on any system, the idea is that eventually it's going to land somewhere, right? And you got to protect it. We call that like rogue data, right? This is why I said earlier, when we talk about data, we have to start thinking about it as it's not in some building anymore. Data's everywhere. It's going to be on a cloud infrastructure, it's going to be on premises, and it's likely, in the future, going to be on many distributed data centers around the world cause business is global. And so, what's interesting to us is no matter where the data's sitting, we can protect it, we can connect to it, and we allow people to access it. And that's the key thing is not worrying about how to lock down your physical infrastructure, it's about logically separating it. And that's why what differentiates us from other people is one, we don't copy the data, right? That's the always the barrier for these types of platforms. We leave the data where it is. The second is we take all those regulations and we can actually, at query time, push it down to where that data is. So rather than bring it to us, we push the policy to the data. And what that does is that's what allows us, what differentiates us from everyone else is, it allows us to guarantee that protection, no matter where the data's living. >> So you're essentially virtualizing the data? >> Yeah, yeah. It's virtual views of data, but it's not all the data. What people have to realize is in the day of apps, we cared about storage. We put all the data into a database, we built some services on top of it and a UI, and it was controlled that way, right? You had all the nice business logic to control it. In the age of data, right? Data is the new app, right? We have all these automation tools, Data Robot, and H20, and Domino, and Tableau's building all these automation work flows. >> The robotic process automation. >> Yeah, RPA, UI Path, the Work Fusion, right? They're making it easier and easier for any user to connect to any data and then automate the process around it. They don't need an app to build a unique work flows, these new tools do that for them. The key is getting to the data. And the challenge with the supply chain of data is time to data is the most critical aspect of that. Cause, the time to insight is perishable. And so, what I always tell people, a little story, I came from the government, I worked in Baghdad, we had 42 minutes to know whether or not a bad guy in the environment, we could go after him. After that, that data was perishable, right? We didn't know where he was. It's the same thing in the real world. It's like imagine if Google told you, well, in 42 minutes it might be a good time to go 495. (laughter) It's not very useful, I need to know the information now. That's the key. What we see is policy enforcement and regulations are the key barrier of entry. So our ability to rapidly, with no latency, be able to connect anyone to that data and enforce those policies where the data lives, that's the critical nature. >> Okay, so you can apply the policies and you do it quickly, and so now you can help solve the problem. You mentioned a cloud before, or on prem. What is the strategy there with regard to various clouds and how do you approach multi-clouds? >> I think cloud is what used to be an infrastructure as a service game, is now becoming a compute game. I think large, regulated enterprises, government, healthcare, financial services, insurance, are all moving to cloud now in a different way. >> What do you mean by that? Cause people think infrastructure as service, they'll say oh that's compute storage and some networking. What do you mean by that? >> I think there's a whole new age of software that's being laid on top of the availability of compute and the availability of storage. That's companies like Databricks, companies like Snowflake, and what they're doing is dramatically changing how people interact with data. The availability zones, the different types of features, the ability to rip and replace legacy warehouses and main frames. It's changing the ability to not just access, but also the types of users that could even come on to leverage this data. And so these enterprises are now thinking through, "How do I move my entire infrastructure of data to them? "And what are these new capabilities "that I could get out of that?" Which, that is just happening now. A lot of people have been thinking, "Oh, this has been happening over the past five years," no, the compute game is now the new war. I used to think of like, Big Data, right? Big Data created, everyone started to understand, "Ah, if we've got our data assets together, "we can get value." Now they're thinking, "All right, let's move beyond that." The new cloud at our currents works is Snowflake and Databricks. What they're thinking about is, "How do I take all your meta-data "and allow anyone to connect any BI tool, "any data science tool, and provide highly performance, "and highly dependable compute services "to process petabytes of data?" It's pretty fantastic. >> And very cost efficient and being able to scale, compute independent of storage, from an architectural perspective. A lot of people claim they can do that, but it doesn't scale the same way. >> Yeah, when you're talking about... Cause that's the thing is you got to remember, these financial systems especially, they depend on these transactions. They cannot go down and they're processing petabytes of data. That's what the new war is over, is that data in the compute layer. >> And the opportunity for you is that data that can come from anywhere, it's not sitting in a God box, where you can enforce policies on that corpus. You don't know where it's coming from. >> We want to be invisible to that right? You're using Snowflake, it's just automatically enforced. You're using Databricks, it's automatically enforced. All these policies are enforced in flight. No one should even truly care about us. We just want to allow you to use the data the way you're used to using it. >> And you do this, this secret sauce you talked about is math, it's artificial intelligence? >> It's math. I wish I could say it was like super fancy, unsupervised neural nets or what not, it's 15 years of working in the most regulated, sticky environments. We learned about very simple novel ways of pushing it down. Great engineering's always simple. But what we've done is... At query time, what's really neat is we figured a way to take user attributes from identity management system and combine that with a purpose, and then what we do is we've built all these libraries to connect into all these dispert storage and compute systems, to push it in there. The nice thing about that is prior to this what people were doing, was making copies. They'd go to the data engineering team and they'd say hey, "I need to ETL this "and get a copy and it'll be anatomized." Think about that for a second. One, the load on your production systems, of all these copies, all the time, right? The second is CISO, the surface area. Now you've got all this data that in a snapshot in time, is legal and ethical, might change tomorrow. And so, now you've got an increase surface area of risk. Like that no-copy aspect. So the pushing it down and then the no-copy aspect really changed the game for enterprises. >> And you've got providence issues, like you say. You've got governance and compliance. >> And imagine trying, if someone said to you, imagine Congress said hey, "Any data source that you've processed "over the past five years, I want to know if "there was these three people in any of these data sources "and if there were, who touched that data "and why did they touch it?" >> Yeah and storage is cheap, but there's unintended consequences. People are, management isn't. >> We just don't have a unified way to look at all of the logs cross listed. >> So we started to talk about cloud and then I took you down a different path. But you offer your software on any cloud, is that right? >> Yeah, so right now, we are in production on Immuta's Marketplace. And that is a managed service, so you can go deploy in there, it'll go into your VPC, and we can manage the updates for you, we have no insight into your infrastructure, but we can push those updates, it'll automatically update, so you're getting our quarterly releases, we release every season. But yeah, we started with AWBS, and then we will grow out. We see cloud is just too ubiquitous. Currently, we still support though, Bigquery, Data Praq, we support Azure, Data Light Storage version two, as well as Azure Databricks. But you can get us through Immuta's Marketplace. We're also investing in ReInvent, we'll be out there in Vegas in a couple weeks. It's a big event for us just because obviously, the government has a very big stake in AWBS, but also commercial customers. It's been a massive endeavor to move. We've seen lots of infrastructure. Most of our deals now are on cloud infrastructure. >> Great, so tell us about the company. You've raised, I think in a Series B, about 28 million to date. Maybe you could give us the head count, and whatever you can share about momentum, maybe customer examples. >> Yeah, so we've raised 32 million to date. >> 32 million. >> From some great investors. The company's about 70 people now. So not too big, but not small anymore. Just this year, at this point, I haven't closed my fiscal year, so I don't want to give too much, but we've doubled our ARR and we've tripled our LOGO count this year alone and we've still got one more quarter here. We just started our fourth quarter. And some customer cases, the way I think about our business is I love healthcare, I love government, I love finance. To give you some examples is like, COGNO is a really great example. COGNO and what they're trying to solve is can they predict where a child is on the autism spectrum? And they're trying to use machine learning to be able to narrow these children down so that they can see patterns as to how a provider, a therapist is helping these families give these kids the skills to operate in the real world. And so it's like this symbiotic relationship utilizing software, surveys and video and what not, to help connect these kids that are in similar areas of the spectrum, to help say hey, this is a successful treatment, right? The problem with that is we need lots of training data. And this is children, one, two, this is healthcare, and so, how do you guarantee HIPPA compliance? How do you get through FDA trials, through third party, blind testing? And still continue to validate and retrain your models, while protecting the identity of these children? So we provide a platform where we can anonymize all the data for them, we can guarantee that there's blind studies, where the company doesn't have access to certain subsets of the data. We can also then connect providers to gain access to the HIPPA data as needed. We can automate the whole thing for them. And they're a startup too, there are 100 people. But imagine if you were a startup in this health-tech industry and you had to invest in the backend infrastructure to handle all of that. It's too expensive. What we're unlocking for them, I mean yes, it's great that they're HIPPA compliant and all that, that's what we want right? But the more important thing is like, we're providing a value add to innovate in areas utilizing machine learning, that regulations would've stymied, right? We're allowing startups in that ecosystem to really push us forward and help those families. >> Cause HIPPA compliance is table stay compulsory. But now you're talking about enabling new business models. >> Yeah, yeah exactly. >> How did you get into all this? You're CEO, you're business savvy, but it sounds like you're pretty technical as well. What's your background? >> Yeah I mean, so I worked in the intelligence community before this. And most of my focus was on how do we take data and be able to leverage it, either for counter-terrorism missions, to different non-kinetic operations. And so, where I kind of grew up in is in this age of, think about billions of dollars in Baghdad. Where I learned is that through the computing infrastructure there, everything changed. 2006 Baghdad created this boom of technology. We had drones, right? We had all these devices on our trucks that were collecting information in real time and telling us things. And then we started building computing infrastructure and it burst Hadoop. So, I kind of grew up in this era of Big Data. We were collecting it all, we had no idea what to do with it. We had nowhere to process it. And so, I kind of saw like, there's a problem here. If we can find the unique little, you know, nuggets of information out of that, we can make some really smart decisions and save lives. So once I left that community, I kind of dedicated myself to that. The birth of this company again, was spun out of the US Intelligence community and it was really a simple problem. It was, they had a bunch of data scientists that couldn't access data fast enough. So they couldn't solve problems at the speed they needed to. It took four to six months to get to data, the mission said they needed it in less than 72 hours. So it was orthogonal to one another, and so it was very clear we had to solve that problem fast. So that weird world of very secure, really sensitive, but also the success that we saw of using data. It was so obvious that we need to democratize access to data, but we need to do it securely and we need to be able to prove it. We work with more lawyers in the intelligence community than you could ever imagine, so the goal was always, how do we make a lawyer happy? If you figure that problem out, you have some success and I think we've done it. >> Well that's awesome in applying that example to the commercial business world. Scott McNeely's famous for saying there is no privacy in the internet, get over it. Well guess what, people aren't going to get over it. It's the individuals that are much more concerned with it after the whole Facebook and fake news debacle. And as well, organizations putting data in the cloud. They need to govern their data, they need that privacy. So Matt, thanks very much for sharing with us your perspectives on the market, and the best of luck with Immuta. >> Thanks so much, I appreciate it. Thanks for having me out. >> All right, you're welcome. All right and thank you everybody for watching this Cube Conversation. This is Dave Vellante, we'll see ya next time. (digital music)

>>live from Las Vegas. It's the Cube covering Splunk dot com. 19. Brought to you by spunk. >>Okay, welcome back. Everyone's two cubes. Live coverage in Las Vegas. Force plunks dot com This is their annual conference. A 10 year anniversaries. Cubes coverage. For seven years I've been covering this company from Start up the I P O to Grove to now go on to the next level as a leader and security. Our next guest is Scott Ward, principal solutions architect for AWS. Amazon Web service is obsolete, reinvents coming up. I'm sure you're super busy, Scott, but you're here at Splunk dot com there big partner of AWS? Yeah, >>Yeah, definitely. I mean flux. Ah, great partner that we've had a strong relationship was flown for quite a long time. Both sides of the house eight of us and slugger are leaning in thio help add value to our mutual customers, say, even building on that spokesman, a >>longtime customer. And so you guys are really focused on cloud security had your inaugural reinforce event in Boston this year, of which we broadcasted live videos on YouTube, youtube dot com says silken angle interested. But this was really kind of, Ah, watershed moment because it wasn't your classic security show. He was a cloud security. >>Yeah, it was definitely. It was very much focused on just kind of focusing in, and in some ways it actually allowed People who don't normally get to come to a native of this event or focus on security really got deeper into security. Security of us is our top priority, and we want to make sure that our customers really understanding and being able to execute on that and be able to feel confident in what they're doing on running on AWS >>and spunk has become a very successful on. Some people call him the one in the number 1/3 party vendor in security for workload. APS. Elsie Long files it What single FX for Tracing Micro Service's around the corner. A lot of good things there. But as the cloud equation starts to come in, where the operation's need to have security and on premises edge clouds, roll of Amazon and your partner's air super important, you talk about that relationship and how that's evolving. >>Yeah, I don't think you talk about our partners. It's definitely very important, you know, we have, you know, it says lots of different service is on its platform that we allow customers to use. But those partners come in and help fill out the gaps where customers need somebody to be able to provide Maura or Extra, especially look at security so that that shared responsibility model we have, where the top half is the customers responsibility and a lot of flexibility and what they could do. And that means that they can bring in the partners they want, help them to be able to accomplish the things that they wanted to >>tell. What the security hub. Amazon's best security, huh? What's that about? >>Sure, Security Hub is a service that we actually launched out. Reinforce it. Generally available. Then it's focused on really giving customers visibility into high severity security alerts and their compliance status while they're running across. All the eight of US accounts allows them thio, aggregate, prioritize and sort all of this data coming from from multiple data sources, and we talk about those multiple data source. It really is a couple of different areas. Amazon Guard duty and was on inspector names on Macy. Also third party products. If customers using third party security products that can feed into security up to kind of give them that visibility. And then it's also running continuous compliance checks against the customers. AWS account's gonna let them know where they stand when it comes to compliance, where they need to go and correct things with a counter, the resource level. So really, you know, labeling customers to kind of get a lot more visibility and what's going on with US >>environment. We've been covering this and reporting on the story, but Amazon on cloud providers of general Amazon Azure, Google Cloud Platform customers relying more and more on you guys for security. But you have a relationship with slung, say 1/3 party. How did they fit in that a Splunk fit into that security hub model? How's that going? Is just clarified that relationship six. Plunk and Security >>Yes. So when you talk about Splunk in security, if there's actually a couple different angles there, one is Splunk enterprise product. It is a consumer of all the data that is in a customer security have environment so you can feed all that data into the enterprise product. Be able to kind of go ask the questions and take all the data that security provided, as well as all the other data that's unspoken, really be able to get some deep insights and what's going on in your environment. And then on top of that is the Splunk Phantom integration, which I'm really, really excited about. Because spunk is with Fantomas, Long customers actually take action on their security data, so customers have often told us like it's great you're making all this data available to me on I can see it, But what do I actually do with it? What? How am I gonna do something with it? So way advocate a lot for customers to be able to automate what they're doing when it comes to their security findings and get the humans out of the way as much as possible so they can really be adding a lot of value. So security feeds us to phantom and Phantom can run play books that will do as much or as little on that security. Finding data to kind of integrate that finding into the customers operational work flows and collect the right information are hopefully ultimately remediated that security findings so that customers can get some sleep and they can focus on other things that are more important. >>Talk about fancy for a minute, just to kind of change. Usually you mentioned that, obviously, I thought Oliver interview and reinforce. And here recently, he's one of the team's bunked with company. What is wise, faith and so >>popular? I think Phantom is popular because a couple things one. It is allowing customers, too, to resolve, intermediate and address an issue with what works for them and work full that works for them. It's not making them thio clearly fall into a particular box. They can add or remove pieces. The fact that it's it's very python based. It's usually in the security community so that they can probably find Resource is that can actually orchestrate build these playbooks and then then, once the bill playbooks that could reuse those pieces to address other issues or things that are coming up. So I get A allows them to really kind of scale, be able to kind of be able to accomplish these things when it comes to automation and addressing with security alerts as they continue to grow, you know, >>it makes things go faster, frees up people's time for productivity. >>I totally feel that that's That's one of the main reasons that people are looking at this. >>So someone's using Splunk for its own sake. I'm a Splunk customer. Okay, Security hub. Why should I use both? What's sure just clarify that peace >>is a couple of reasons where I would say that somebody would want to use both. One is security. Obvious is the continuous compliance check. So today, security have offers checks based on the Center for Internet Security. Eight of US bench work. So we are continuously running those cheques. There's about 43 rules that we are running. Each of those checks against your AWS accounts or resource is in those accounts until you where you are not in compliance. Get overall score. You could dig into what, what, where you needed to do further there. Security. Look at it's a central integration spot to get stuff into Splunk as well, so you can have guard duty, Macy inspector and third party stuff coming into security help and then you that one stop shop to get all that data into spunk, enterprise or phantom, and then The third thing is the fact that security it gives you that security view across multiple eight of US accounts. You can designate a master account, invite all your other organization accounts to share those findings, and your security team could go into security up and have one view of your overall security landscape. Be able to look at one single piece of glass, but across all of your organizations like those, those are some key value points. I would say that in addition to spunk in a customer might use security. >>Well, Scott's been great insight on thanks for clarifying the Splunk 80 relationship. Let's pretend I'm a customer for a minute. I'm like, Hey, Scott, you're switching Architect. Thanks for the free consulting with you Live on Cube. So I'm a Splunk customer. Log files. I see they got some tracing stuff going cloud native going to the cloud. We're employing Amazon. I'm a buyer customer Splunk And they got a lot of new stuff and seems awesome. Sore identified. 6.0 is out. How do I What do I do? How do I architect my swan give me more headroom? Grow my swung capabilities with same time. Take advantage. All the radios. Goodness. Would you lay that out? >>I would say I would say, You know, I like your spunk. You kind of You know what? You bought spunk for a particular reason. It's there to answer questions. Is there take data and is lying to kind of move forward? I would definitely architectures long to be able to consume as much data as possible. He did. We have lots of different integrations. Consume that. You shouldn't move away from that. So I would definitely use that. I would use security hub for kind of getting that centralization spot for everything related to your eight of us environments that can then be your central spot into a Splunk. You have people that it's really not necessary for them to be in the Splunk. They don't know Splunk security. It might be a good spot for them to actually do some investigations and learn things as well so that they could do their job. And then you really kind of used with deep technology and quarry capability is slowing to kind of do those deeper dives really understanding what's going on in your environment, something you know as a buyer. I think you could use both. And I think there's a there's room for you to kind of take advantage of both and get the best of both worlds. >>It's really exciting with security going on. It's kind of crazy the same time because you have clouds scale. You guys have been led. The market there continue to be leaders in Cloud Cloud scale, Dev ops. Everything else on the roll volume of data is increased so much. You guys just had your inaugural conference reinforced, and I want to get your thoughts on. This is a solution. Architect of someone in the field difference between traditional security chasing the bad guys defending intrusion, detection. All that good stuff. Cloud security because you have all the security shows out. There are s a black hat. Def Con Cloud Security introduces a new element around howto architect solutions. What should people know about the impact of clouds security as they start thinking ballistically around their enterprise, >>right? I think the important thing I think is you know, the things you mentioned. The vulnerability scanning the intrusion detection is all still important in the cloud. I think the key thing that the cloud offers is the fact that you have the ability to now automate and integrate your security teams more tightly with the things that you're doing and you can. Actually, we always talk about the move fast and stay secure. Customers choose eight of us for self service, the elasticity of the price, and you can take advantage of those unless your security can actually keep up with you. So the fact that everything is based on an FBI you could define infrastructure is code. You can actually enforce standards now where they be before you write a line of code in your dad's office Pipeline were actually being able to detect and react to those things all through code and in a consistent way really allows you to be able to look in your security in a different way and take the kind of philosophy and minds that you've always had around security but actually able to do something with it and be able to maybe do the things you've always wanted to do. But I've never had a chance to do so. I think I think security can actually keep up with you and actually help you different. You're different to your business. Even more than maybe it didn't. >>New capabilities are available now with new options. Exactly. Great stuff. Conversations here at dot com for in Vegas Splunk conference. I'll see they're using You guys have reinvent coming up people be their first week of December. You got a music festival to intersect, which is gonna be fun, But I'm not 10 that. Yeah, don't fall over and die from all these. What are you talking about here? What are the key conversations you're having here? Sure. Here at swan dot com, on your booth to customers. What is it? What's the mean? Sure, >>I think the main talking point is and I'm actually presenting it in the breakout theater this afternoon. We're talking about that taking action portion of like, Data's insecurity or data's in eight of us. How do you do something with what are we enable? And how does a partner like Splunk come in? And what is that? Taking action actually looked like to allow you to be able to do things that scale and be able to leverage on take advantage of your precious resource is and use them in the best way possible something. But that's a lot of the conversation that we're having and things that were focused. >>And what do you hope to walk away packs tonight? It's gonna be for people leaving that session. >>I think I think people should should walk away and understand that it is within their reach to be able to actually be able to to kind of have this nirvana of being able to sit to react to security events and not have to have a human engaged in every single thing. It is a crawl, walk, run type approach you're gonna need to figure out. How do I know when I see this one of the things I want to do? How do I automate that? Validate that that's actually true and then implement it and then go back and do the next thing that really like customers to walk away to know that that is possible on that, with a little bit of investment, they can make it happen and that at a certain point it will really have benefits. >>Well, eight of us have been following you guys for eight years of Cuba's will be our ninth year, I think for reinvent been fun to watch Amazon growing. I'm sure they'll be. Thousands of new announcements every year is always away with volume of new stuff. Give a plug for a second on the Amazon partner. Never was your part of your arm and scope of relationships with third party partners how important it is. And what are some of the cool things going on? Sure. So I >>mean the elves on Partner Network we're focused on partnering with, You know, it's really that cell with motion where we're going out and AWS is selling the partners selling. We work with technology providers and solution systems integrators, and we're really focused on just working with them to make sure that the best solution possible is being created four customers so that they could take advantage of the partner solution and the eight of us cloud, and that they're getting some sort of a unique value that they're going to get by using the cloud and that partner solution together to help them be security or or any other sort of area that they feel more confident. That could be more successful in the crowd through a combination of both of us and >>there's a whole team. It's not like a few guys organization, hole or committed. Thio Amazon partners. >>Yes, yes, yes. I mean, you know, I'm one of many solution architects on the part of team way have partner managers. We have market. We have the whole gamut of people that are working globally with our partners to help them really kind of have a great success. And in a great story to tell about >>people throw on foot out there. Amazon doesn't work with partners. Not true. >>We have tens of thousands of partners, and that's my job. I'm working with partners on a daily basis. I would events like this. Someone phone calls I'm providing guidance is very much a core thing that we're focusing on. >>Harder Network has got marketplace. Amazons are really putting. Their resource is behind with mission of helping customs with partners. >>Yes, definitely. And and we do that a lot of our ways way have partners and go through tears way have confidence sees that we actually allow partners to get into, so customers can really go find who's who's the best or who should I be looking at first when I have this particular problem to solve their we've got a security confidence. He may have confidence season really working to help our customers understand. Who are these partners and how can they help that with >>We've been following Terry. Wisest career is an amazing job. No, he's handed the reins over to new new management is gonna chill for awhile. Congratulations on all your success with Amazon and appreciate it. Thanks for Thanks for having me, Scott War Pretty Solutions for AWS Amazon Webster's here inside the Cube at Splunk dot com 10th year of their conference, Our seventh year covering with Cuba, John Kerry will be back with more after this short break.

>> live from New York. It's the Q covering AWS Global Summit 2019 brought to you by Amazon Web service is >> Welcome back to New York City. This is a W s summit and I'm stew Minutemen. My co host is Corey Quinn. We've talked to Amazon executives. We've talked to some customers. We've also talked to some of the partners and part of the partner ecosystem is course these startups aws very robust ecosystem that they've been building out. And one of the pieces were real excited to dig into in the surveillance space habit of revering program for first time. Ken Robinson, the CEO and founder of Goto Software who is the maker of cloud pegboard, take so much for joining us >> having to be here so exciting. >> Alright, So, Cloud pegboard, you had us hooked when we talked about you know, serverless you know, the the information overload that we all feel in the United with world. Cory's got a full time job helping with that and other things related to it s oh, bring us a little bit about, you know, pegboard in your background. >> Yeah, I want to help you out. So my background is I ran a major cloud transformation to Amazon. My past job, which I left in January and really solve problems, information overload, was slowing people down, people making sub optimal choices. They're spending a lot of time trying to keep up. Sometimes we have to be fact because they didn't have the right information the right time. And I realized we need to solve this. And it wasn't just in our organization. Every Amazon practitioner across the planet really needs help to keep up. When I talked with people, these conferences, it that's like the main comment, like, I can't consume it >> all. How you keep up can it is staggering. Actually, I stopped asking about two years ago how you keep up because I talked to some amazingly smart, well connected people and they're like, No, no, it's impossible. But I want you to comment on something I used to be. When you talking about, I need to start this. I should have started a year ago, but I didn't, so I should start now and now it feels like, Well, if I could, I actually should wait a couple of months or six months or even a year but I absolutely get started. So I guess I might as well start now because things change at such a pace. I mean, that that, you know. Oh, wait. If I could just wait a little bit longer Gonna be Maurin better and cheaper and faster s O. You know what you're taking kind of pace of change in the industry. >> Well, you know, one thing is, I think you just have to keep agile and buy into the fact you're going to have to throw away things like don't get so buried filled with what you can do today as best you can. But be ready to re factor and get rid of it. >> Oh! Oh, my God. I had the i t organization and the whole our quarters. Everything in i t is additive. Nothing ever dies. But I do agree with you. We have been for more than a decade. You know why our analyst team and talking, You have to get rid of stuff that needs to be able to do that. You know, sunk costs is something you're familiar with. Economics is you know, I need to understand that that even have been doing it for a while. We need to be able to cut that. But way have these attachments to the things we've been doing and how we've been doing it. No change isn't necessarily easy, >> right? Well, there's a reason some of the attacks is because there's a lot of investment to build up in the first place. And when you put so much sweat into it, then I don't want to undo it. When it gets easier to build, it's easier to throw away. So I was just giving this talk earlier and saying I religiously stick with infrastructure is code because if you do that, it's just so easy to make incremental changes. And again, Serverless makes everything so much easier if we don't get married to something. If it's changing like one window function, yeah, it's just kind of a bench of a big deal. So if you invest a little bit lessons easier by making use of special, the high level managed service is then it's easier to the pivot from one thing to another. One needs to. >> Yeah, something I found is I play with this stuff myself in a very similar space, with less comprehensiveness and far more sarcasm, I suspect than your service does, is that when you're building everything out of composited Lambda Functions tied together in a micro service's style. Re factoring one of those micro service is usually doesn't take more than a day or two as opposed to, Oh, just rebuild the entire monolith from scratch, which it feels like everyone tries to do. At some point, it almost enforces good behavior. It makes it easier to evolve as I've been your experience it differently. >> Absolutely. So this two things it helps. It's easy to re factor and throw things out because it's small and it's again, you're not married to it as much, but also easy to incrementally add on. So I have this whole tier of these micro service. Is that a captain? All this data that we're pulling in from multiple sources, whether it's Amazon's Web site or terror, for more get up any source I confined that has data that I want to organize help with my users. So we get Henry finding new data sources, leaks new data sources, essentially a new lambda function. It's independent, and if I change it, we actually had one recently I found a better data source. I just threw up the old one and plugged in the new one. And it really was less than a day to write the new function and a brilliant into production. So, yeah, >> can you know, one of the answers I've had for a long time is you know, I need to rely on, you know, my consultants and my suppliers because, you know, you don't even understand some of these architectural things that are going on. And things are changing so fast. So you know, how much can software solve this for us? And you know that the tools itself, I have to imagine there's still a lot of people involved. >> Yeah. There's always gonna be a lot of people involved. And there is no free lunch that, you know, every architect or developer of the Amazon. You still need to get yourself trained, get the certifications, read the white papers, keep up to date with all the changes. And we really do is we're running inside again. That's my past. Life is an enterprise. You really want to build internal excellence. Certainly we can use outside help when you need it. Augmentation. and blasts my people everywhere. But you definitely wanna have some internal expertise. And people are committed to growing and continuing going to New York summit, going to reinvent talking to people and always constantly learning It's going to take human effort to help, uh, filter down and find out. Where is the trend that I really need to start thinking about? Hopefully people. It is a tool helps people be much more efficient and focus in much easier. But nothing will replace engineers, which is a good thing, >> right? And for those who are outside of the, I guess very small fraternity we have apparently built. Now there are two of us who track this stuff for a living. It's it is far more complex than most people would accept. Why don't you just sign up for the R. S s feed? Well, for starters, there's over a dozen official aws R s s feed, and they're not all inclusive. You have to look at poor request getting merchant there a p I updates. You see it in cloud formation and terra form from time to time. And I am certainly not comprehensive. In fact, when I built my newsletter. Originally my thought was that someone was gonna point out something like Cloud Backboard and say, Well, idiot, use this instead. And then I shut it down and admit defeat, and that was the plan. Instead, a bunch of people signed up, and now I want people to read it for the joke's not because it's the only half sensible way to figure out what happened last week. No, I'm a huge fan of the problem you're solving in the way you've got about doing it. That said, when we talk about service architectures, you mentioned spinning up Lambda functions and tying it back into other things. But as they mention Nicky, no today server. This goes beyond just functions as a service. There's a lot more to it than that. What else is your architecture >> includes everything. Serverless exclusively. So >> So they're poking on. So you're collecting every service thing they offer and then some just a get style points there, regardless. >> Well, so you know, one of the half several strategic principles and one of them is to rely solely on serve Ellis because I just can't afford a small start up to be building out Mon function requirements that are building the business. So S O. S to be hosting dynamodb cloudfront ap Gateway. Then we use will all these features Not only do I use all serverless, but we're also using for disaster recovery designed so that we're using some additional features within these, so it's easier fail over. So cloudfront, for example, has Arjun fail over a relatively new feature and it's really amazing, right? I can go to my S three and I have the benefits of estimates service hosting. But now, in a failure cloudfront relative my alternate region continue our operating same thing with dynamodb using global table replication only >> and continuous backup, which they released. I'm not kidding. Three days after I really needed it. It's that seems like that's always the case where they have these features and they come in right after you need to read if you build a crappy version of it and it's one of those. But I love about things at a relatively small scale like this is the economics are ridiculous. It's well, watch out for continuous backups that could be expensive, and I wound up checking it, and it wound up being something like two cents a month. Yeah, I work real hard to bring enough in to cover the back up. Yeah, I >> had someone come up to me after one of the talks and asking like he's not in Amazon. He's thinking the moving there. It's like how much you I have something a little bit similar to what you're doing, and how much will it cost? How much like Budget and I say, To be honest, I've got some credits, Levin warning, but I can't spend them. I can't. I want to accelerate by spending money. I can't do it, especially with dynamodb. Used to be that you would provisions something, a lot of eye ops and that would rack up really fast. Now I'm using the on demand, and it's just not costing anything. So that's what again. This Burn was talking about not paying for idle time, >> and some of the monitoring tools in the surveillance space air still approaching it from an economic first perspective, which for anything that isn't already scaled out, is ludicrous. It has, like warnings, going arrows going up or down on my spend on my land is every month, and it's 22 cents. It's I appreciate where you're going with this, but maybe that's not the driving concern right now. So I >> had a funny experience where I turned on Macy so we could get some good inspection on the anomaly buckets. And on the first of the month, I got a notice saying, Hey, you exceeded the free tier. I was in a bit of a panic has been more than once. I'm sad to say that I've let things run longer than they should and paid the price, and I owe something has run amok. Well, it turns out, just because of the metadata scans, it does kind of use a lot of access is. But then still was under a buck for the whole month by the time outs and done because I came in to begin the month with a bunch of scanning. Yeah, it's just a big fan of service. I did this thing. >> Yeah, I was just Kennedy. Speaking of survival is an Amazon event Bridge was announced this morning. Really building that event ecosystem around Lambda. Curious what impact that will have on you will cloud pegboard be able to go outside of AWS to kind of understand some of these sacks applications. >> I have to learn more about it. I was not in on a preview or anything, so I don't know exactly get. But But yes, we will rip apart meeting with other providers anywhere. There's an information source that can help developers hone in better and kind of get everything in the right place at the right time on. So, yes, things like that will help, especially if it can work through. I don't want to be opening up sqs cues way worried about the I am the cross account. That could be complicated, so I'll be interested to learn. And I don't know yet if that will help in those sorts of integrations, especially on the office. Can't authentication and authorization aspects of it? >> Yeah, there's a lot of promise in the idea of being able to give the minimum viable, required a p. I call for something third party. It seems like there they'll integrate into something like that. Well, here's how I am works and then we have to worry about access controls and oh yeah, there's no direct i p address the white list. And on and on and on. It's challenging to forcibly upgrade third parties. Unless you're effectively a giant, world spanning company, you can demand that they do it. So this it really feels like we're meeting third parties in some ways where they are. >> Yeah, I think so. And I think this is looking forward to them because I want to both consume maybe eyes. But also all my data is available via AP I So today it's a bit of a traditional. No, he and rest would have been the face, but if I could export that in other ways, that would be very interesting as well. >> I think it's too easy to get stuck in the economic story of times. I know it's weird is a cloud economist to be saying that, But when it comes to server list, the value is less about cost control, and saving money on it is you don't have to worry about entire subsets of problems capacity planning your effectively when it comes to things like Lambda Dynamodb and the rest. The constraint on scaling is going to be your budget. I promise. No matter who these budgets are, go for me. This is what they run amazon dot com on. I don't think I'm gonna do more business than that. Unless I really miss configure something. Challenge accepted. >> Yeah. Yeah. So I totally agree that scaling is the value, but it's also this more right. The scaling is absolutely one. And then, in addition to fragility, because survivalist means service. But now the term is getting confused, right? It means so many things. So I was saving serverless managed service is to help Seo. I'm talking about more than compute, but it also means is I'm getting a very high level function. So I'm getting so for David, we're using Comprehend. That's an awful lot of stuff going on under there that I don't have to worry about. I mean, I literally have an intern in a couple of days, completed a task to do some entity extraction of such a Amazon service stains out of unstructured data. She was able to do it. She just finished a freshman year, right? I was able to do this with minimal training because it's survivalist shouldn't worry about scalability. What she needed to know is that oh, I can use this function. I could read maybe I documentation, and I could just use it for me. Another big function behind step, but also no maintenance low, maybe a more accurate term. But essentially, it's no maintenance, especially for a small start up. I used to have businesses way back when pre Internet I ran an aviation weather service in my life was the bane of my existence because it had to be. At 24 7 I had satellite dishes that would get snowed on. I was an idiot. Did this in New England. They have to shovel him off at four in the morning. I don't like waking up in the middle of the night to serve my computers. They should serve me. And in the service of the fact that there's no maintenance stuff, just runs. You think about the times. How many times have you had a serve in the past when you just thought you should reboot it every week? Because maybe >> because tradition, >> tradition and maybe there's a leak somewhere, Melinda function reboots. Every invocation. It just never happens that I have run out of resource is something that I'm just a love affair. >> All right, so So Ken. It's obvious how you feel about server list, but as a start up, just give us a final thoughts on what it's like to be a startup that is on with and, you know, using AWS. >> Well, for me, it's fantastic. It allows me to focus on the problem, to solve immediately and by using high in the stack like you're saying surveillance capabilities. I'm not worried about the infrastructure. I read a little bit of confirmation. I deploy it, and I'm always working on business logic and functionality, and I'm not worrying about well, its scale. Do I have to maintain it, I think, really focus on the problems to solve, and that's where they've been very helpful to make. So now we have something where I can scale. I'm hoping I'm not there yet, but every Amazon practitioner should want to use cloud pegboard. I think it helps with a general problem, so I need to be able to scale to millions. Firstly, I don't know what the doctor is going to be, but I have confidence because I'm using all these service capabilities. S3 will do it. Amazon Gateway in Lambda will do it, so I don't worry about it. So for a start up, to not have to worry about that is it's really pretty powerful. >> And by the time you wind up in a cost prohibitive situation, we're okay. Running some baseline level load that something that isn't server Lis begins to make significant economic sense. At that point, your traffic volumes definitional hier so high that by that point there's a team of people who will be able to focus on that. You don't need to bring those people into get off the ground in >> the same way, right? It's that fast start, and we gotta learn. There's so much to learn here with any start up. But you know, in mind as well to really get some of the user experience, get the feedback. It's We have a lot of good ideas, and I think what we have now is helpful. I have a long term road map with a lot of great ideas, but it's gonna take a lot of user feedback to say, Is this working and the service lets you tried things quickly. I could get in front of people, get that learning cycle going and iterated fast as possible. So that will be really important. All right, >> Ken Robbins really help you appreciate you educating our audience. Climb aboard. Wish you best of luck with >> it. I appreciate being here. >> All right. For Cory Quinn. I'm still minimum, and we'll be back with more coverage here from eight of US Summit in New York City. Thanks. Always for watching the cue.

(upbeat music) >> Welcome to this special Cube Conversation. We're here in Palo Alto, California with a special guest. Dialing in remotely Paul Martino, the founder of Bullpen Capital and also the producer of an upcoming film called The Inside Game. It's a story about a true story about an NBA betting scandal. It's really, it's got everything you want to know. It's got sports, it's got gambling, it's got fixing of games. Paul Martino, known for being a serial entrepreneur and then an investor, investing in some great growth companies, and now running his own firm called Bullpen Capital, which bets on high-growth companies and takes them to the next level. Paul, great to see you. Thanks for spending the time. Good to see you again. >> John, always good to see you. Thanks for having me on the show. >> So, you're a unique individual. You're a computer science whiz, investor, entrepreneur, now film producer. This story kind of crosses over your interests. Obviously in Philly, you're kind of like me, kind of a blue collar kind of guy. You know hot starters when you see it. You also were an investor in a lot of the sports, gambling, betting, kind of online games, we've talked about in the past. But now you're crossing over into filming movies. Which is, seems like very cool and obviously we're living in a date of digital media where code is software, code is content, obviously we believe that. What's this movie all about? All the buzz is out there, Inside Game. You get it on sports radio all the time. Give us the scoop. Why Inside Game? What's it about? Give us the 411. >> Yeah, so John, I mean, this is a story that picked me. My producing partner in this is a guy named Michael Pierce who made a bunch of great movies, including The Cooler, one of the best gambling movies, with William H Macy. And he says sometimes the movie picks you and sometimes you pick the movie. And I wasn't sitting around one day going wow I want to be a movie producer, it was just much more that my cousin is the principal in the story. My cousin was the go-between between the gambler and the referee. The three of them were friends ever since they were kids. And when they all got out of jail Tommy called me, Tommy Martino. He said hey Paulie, you're about the only legitimate business guy I know. Could you help me with my life rights? And that's how this started almost six years ago. >> And what progressed next? You sat down, had a couple cocktails, beers, said okay here's how we're going to structure it. Was it more brainstorming and then it kind of went from there? Take us through that progression. >> It was a pure intellectual property exercise, and this is where being a startup guy was helpful. I was like, Tommy, I'll buy your life rights. Maybe we'll get a script written, we'll put it on the shelf, so that if anybody ever wants to make this story they have to go through us. Almost like a blocking patent or a copyright. And he's like okay cool. And so I said I have no delusions of ever making this movie. I actually don't know that, I don't know anybody to make a movie. This is not my skill set. But if anybody ever wants to make the movie, they're going to have to come deal with us. And then the lucky break happens, like anything in a startup. I have this random meeting with a guy named Michael Pierce, who was at a firm called WPS Challenger out of London. And we're down in Hillstone in Santa Monica, and I say to him, I say I've got this script written about this NBA betting scandal, would you do me a favor? He literally laughs in my face. He goes a venture guy from Silicon Valley is going to hand me a script. What a bad, anyway, I was like look dude, I'm a good guy to have owe you a favor so just read this dang thing. About 8 hours later my phone rings, he says who the hell is Andy Callahan? This is the best script I've ever read in my entire life. Let's go make a movie. Andy Callahan was a friend of a friend from high school who wrote the script. He actually once beat Kobe Bryant when he was a center at Haverford when Kobe Bryant played at Lower Merion here in the Philly suburbs. So, it's kind of this local Philly story. I'm a local Philly blue collar guy, we put the pieces together, and I'll be danged and now six years later the film is in the can and you're probably going to see it during the NBA finals this year in June. >> All right, so there's some news out there it's on the cover on ESPN Magazine, the site is now launched. I've been hearing buzz all morning on this in the sports radio world. A lot of buzz, a lot of organic virality around it. Reminds of the Crazy, Rich Asians, which kind of started organically, similar kind of community behind it. This has really got some legs to it. Give us some taste of what's some of the latest organic growth here around the buzz. >> Yeah so, think about this. This happened in, primarily '06 and '07. They were sentenced in 2010 and were in jail in 2011. It is 2019 and the front page story on ESPN is What Tim, Tommy, and Jimmy Battista Did. Those were the three guys, the gambler, the ref, and the go-between. And this is a front page story on ESPN all these years later. So we know this story has tremendous legs. We know this movie has a tremendous built-in audience. And so now it's just our job to leverage all those marketing channels, places we pioneered, like Zynga and FanDuel to get people who care about the story into the theaters. And we're hoping we can really show people how to do a modern way to market a film using those channels we've pioneered at places like FanDuel and Zynga. >> You and I have had many conversations privately and here on the Cube in the past around startups disruption, and it's the same pattern right? No one thinks it's a great idea, you get the rights to it, and you kind of got to find that inflection point, that magical moment which comes through networking and just hard work and hustle. And then you've got everything comes together. And then it comes together. And then it grows. As the world changes, you're seeing digital completely change the game on Hollywood. For instance, Netflix, you've got Prime, you've got Hulu. This is, essentially, a democratization, I'm not saying, well first of all you've made some money so you had some dough to put into it, but here's a script from a friend. You guys put it together. This is now the new startup model going to Hollywood. Talk about that dynamic, what's your vision there? Because this, I think, is an important signal in how digital content, whether it's guys in the Cube doing stuff or Cube Studios, which we'll, we have a vision for. This is something that's real. Talk about the dynamic. How do you see the entrepeneurial vision around how movies are made, how content's made, and then, ultimately, how they're merchandised in the future. >> Right, there's a whole, there's a whole bunch of buckets. There's the intellectual property bucket of the story, the script, etc. Then there's the bucket of getting the movie made. You know, that's the on the set and that's the director and that's post-production, and then there's the marketing. And what was really interesting is even though I'd never made a movie, two of those three buckets I knew a tremendous amount about from my experience as a startup investor. The marketing and the IP side I understood almost completely, even though I'd never made a film. And so all of the disruptive technologies that we learn for doing disruptive things like marketing a new thing called Daily Fantasy Sports, we were able to bring to bear to this film. Now, I had fun on the set and meeting all the actors, etc. But I had no delusion that I knew about the making of the movie part. So I plead ignorance there, but of the three buckets that you need to go make something in the media space 66% of what I knew as a startup guy overlapped and I think this is what the future of the media is. Because guys like me and you, John, we actually know a lot about this because we're startup people as opposed to we have to learn about it in terms of how to market and how to get an audience. I mean, my last company Aggregate Knowledge designs custom audiences for ad targeting. So we know how to find gamblers to go see this movie. That's literally the company I started. And so that's a thing that I'm very, very comfortable with and it's exciting to then work with the producer who did the creative and the director and I say hey guys, I've got this marketing thing under control, I know how to do it, oh by the way, the old Head of Marketing from FanDuel, he's a consultant to the project. Right, so, we got that. >> You got that, and the movie's being made. That's also again, back to entrepreneurship, risk. You got to take risks, right? This is all about risk management at the end of the day and you know, navigating as the lead entrepreneur, getting it done, there's heavy lifting and costs involved in making the movie, >> Right >> How did you, that's like production, right? You got to build a product. That is ultimately the product when it has to get to market. How did that go, what's your thoughts on your first time running a movie like this, from a production standpoint, learnings, observations? >> I learned a tremendous amount. I must admit, I was along for the ride on that piece of the puddle, puzzle. The product development piece of this was all new to me. But then again, I mean think about it, John, I started four companies, a social network, an ad targeting company, a game company, and a security company. I didn't know anything about those four companies when I started them either in terms of what the product needed to do. So learning a new product called make a movie was kind of par for the course, even though I didn't really know anything about it. You know, if you're going to be a startup person you got to have no fear. That's the real attribute you need to have in these kinds of situations. >> So I got to >> And so, witnessed that first-hand and, you know what, now, if I ever make a movie again I kind of know how to make that product. >> Yeah, well looking forward. You've got great instincts as an entrepreneur. I love hanging out with you. I got to ask you a question. I talk to a lot of young people, my son and his friends and I see people coming out of business school, all this stuff. You know, every college has an entrepreneurial program. Music, film, you know, whatever, they all have kind of bolted on entrepreneurship. You're essentially breaking down that kind of dogma of that you have to have a discipline. Anyone can do this, right? So talk about the folks that are out there, trying to be entrepreneurial, whether you're a musician. This is direct to consumer. If you have skills as an entrepreneur it translates. Talk about what it takes to be an entrepreneur, if you're a musician or someone who has, say, content rights or has content story. What do they do? What's your advice? >> We have lived through, perhaps the most awesome period of the last five to 10 years, where it got cheap to do a startup. You know, when we're doing our first startups 20 years ago, it cost 5 million bucks to go get a license from Oracle and go hire a DBA and do all that stuff. You know what, for 5 grand you can get your website up, you can build, you can use your iPhone, you can film your movie. That's all happened in the last five to 10 years. And what it's done is exactly the word you used. It's democratized who can become an entrepreneur. Now people who never thought entrepreneurship was for them, are able to do it. One of our great examples of this is Ipsy, our cosmetics company. You know, Michelle Phan was a cocktail waitress working in Florida, but she had this YouTube following around watching her videos of her putting her makeup on. And you know when we met her, we're like you know what? You're the next generation of what entrepreneurs look like. Because no, she didn't go to Stanford. She didn't have a PhD in computer science, but she knew what this next generation of content marketing was going to look like. She knew what it was to be a celebrity influencer. You know, that company Ipsy makes hundreds of millions of dollars every year now, and I don't think most people on Sand Hill would've necessarily given Michelle the chance because she didn't look like what the traditional entrepreneur looked like. So it's so cool we live in a time where you don't need to look like what you think an entrepreneur needs to look like or went to the school you had to think you'd go to to become an entrepreneur. It's open to everybody now. >> And the key to success, you know, again, we've talked about those privately all the time when we meet, but I want to get your comment on the record here. But I mean, there's some basic blocking and tackling that's independent of where you went to school that's being creative, networking, networking, networking, you know, and being, good hustle. And being, obviously good judgment and being smart. Do your thoughts on the keys to success for as those folks saying hey you know I didn't have to go to these big, fancy schools. I want to go out there. I want to test my idea. I want to go push the envelope. I want to go for it. What's the tried and true formula from your perspective? >> So when you're in the early stage of hustling and you want to figure out if you're good at being an entrepreneur, I tell entrepreneurs this all the time. Every meeting is a job interview. Now, you might not think it's a job interview, but you want to think about every meeting, this might be the next person I start my company with. This might be the person I end up hiring to go run something at my company. This might be the person I end up getting money for, from to start my company. And so show up, have some skills, have some passion, have a vision, and impress the person on the other side of the table. Every once in a while I get invited to a college and they're like well Paul, life's easy for you, you started a company with Mark Pinkus and you're friend with Reid Hoffman and this... Well how the hell do you think I met those people? I did the same thing I'm telling you to do. When I was nobody coming out of school, I went and did stuff for these guys. I helped them with a business plan. I wrote the code of Tribe, and then now all of the sudden we've got a whole network of people you can go to. Well, that didn't happen by accident. You had to show up and have some skills, talent, and passion and then impress the person on the other side of the table. >> Yeah >> And guess what? If you do that enough times in a row, you're going to end up having your own network. And then you're going to have kids come in and say, wow, how can I impress you? >> Be authentic, be genuine, hustle, do networking, do the job interview, great stuff. All right, back to final point I want to get your thoughts on because I think this is your success and getting this movie out of the gate. Everyone, first, everyone should go see Inside Game. Insidegamemovie.com is the URL. The site just went up. This should be a great movie. I'm looking forward to it, and knowing the work that went in, I followed your journey on this. It should be great. I'm looking forward to seeing it. Uh, digital media, um, your thoughts because we're seeing a direct to consumer model. You've got the big companies, YouTube, Amazon, others. There's kind of a, a huge distribution of those guys. The classic Web 2.0 search kind of paradigm and portal. But now you've got a whole 'nother set of distribution or network effects. Your thoughts, because you were involved in, again, social networking before it became the monster that it is now. How is digital media changing? What's your vision of how that's happening and how does someone jump on that wave and be successful? >> Yeah, we're in the midst of disruption. I mean, I'm in the discussions and final negotiations right now on how we're going to end up ultimately doing the film distribution. And I am very disappointed with the quality of the thinking of the people on the other side of the table. Because they come from very traditional backgrounds. And I'm talking to them about, I want to do a site takeover across Zynga. I want to do a digital download on FanDuel of a 20 minute clip of the film. And they're like what's FanDuel? Who's Zynga? And I'm sitting there, I'm like guys, this is the new media. Oh, by the way, there's a sports app called Wave and Wave is where the local influencers in the markets who want to write the stories are, and we want to do a deal with those guys. And oh, by the way, the CEO of that company is a buddy of mine I met years ago, right? One of those kids I gave advice to, and now I'm going to ask him for a favor from, right, that's how it works. But, it's amazing when you have these conversations with traditional old line media companies. They don't understand any of the words coming out of your mouth. They're like Paul, here's how much I'll give you for your film. Thank you, we'll go market it. I'm like, really? Seriously? I got the former CMO of FanDuel going to help out on this. You don't want to talk to him? >> Yeah >> And so this is where the industry is really ripe for disruption. Because the people from the startup world have already disrupted the apple cart and now we've just got to demonstrate that this model is going to continue to work for the future and be ready when the next new kind of digital transmedia thing comes along and embrace that, as opposed to be scared to death of it or not even know how to talk the language of the people on it. >> Well, you're doing some amazing venturing in your, kind of, unique venture capital model on Bullpen Capital. Certainly isn't your classic venture capital thing, so I'm sure people are going to be talking to you about oh, Paul, are all VCs going to be doing movies? I'm sure that's a narrative that's out there. But you're not just a normal venture capital. You certainly invest. So, venture capitals have reputation issues right now. People talk about, well, you know, they're group think. You know, they only invest in who they see themselves. You mentioned that comment there. The world's changing in venture. Your thoughts on that, how you guys started your firm, and your evolution of venture capital. And is this a sign that you'll see venture capitalists go into movies? >> Well, I don't know about that part. There have been a couple venture people who have done movies. But the part I will talk about is the you got to know somebody, it's an inside game, ha ha, we'll play double entendre on Inside Game here. You know, 20% of the deal we've done at Bullpen, we've done over 100. 20% of them were cold emails on something like LinkedIn or business plans at bullpen.com. 20%, now there's this old trope in venture if you don't get a warm intro I won't even talk to you. Well 20% of our deals came in and we had no idea who the person on the other side was. That's how we run the firm. And so if you're out there going I'm one of those entrepreneurs in the Midwest and no one, I don't know anyone. I'm not in a network, send me a plan. I'm someone who's going to look at it. It doesn't mean I'm going to be an investor, but you know what I'm going to do? I'm going to give you a shot. And I don't care where you're from or what school you went to or what social clique you're in or what your political persuasion is. Matter of fact, I literally don't care. I'm going to give you a shot. Come into my office and that, I think, is what was missing in a lot of firms, where it's a we only do security and we only look at companies that spun out of Berkeley and Stanford. And yeah, there can be an old boys network in that. But you know what, we like to talk to everybody. And the more blue collar the CEO is, the more we love them at Bullpen. >> That's awesome. Talk about the movie real quick on terms of how Hollywood's handling it. Um, expectations, in terms of reaction, was it positive, is it positive, what's the vibe going on in Hollywood, is this going to be a grassroots kind of thing around the FanDuels and your channels? What's your plan for that and what's the reaction of Hollywood? >> So it's going to be a lot of all of the above. But PR is going to be a huge component, I mean, part of the reason we're on today is there's a huge front page story on ESPN about Tim Donaghy and the NBA betting scandal of 2007. And so the earned media is going to be a huge component of this. And I think this is where the Hollywood people do understand the language we're speaking. We're like, look, we have a huge built-in audience that we know how to market to. We have a story. Actually, in the early days, you asked about risk? Back when I was thinking about if I would do this project I would do the following little market research. I'd walk into a sports bar, it didn't matter what town I was in. I could be in Dallas, I could be in Houston, I could be in Boston. I would literally walk up to the bar and say, hey, uh, six of you at the bar, ever hear of Tim Donaghy? It'd be amazing. About seven out of 10 people would go yeah he was the referee, crooked referee in the NBA. I'm like, this is amazing. Seven out of 10 people I meet in a bar know about the story I want to go tell. That sounds like a good chance to make a movie, as opposed to a movie that has no built-in audience. And so, a built-in audience with PR channels that we know work, I think we can really show Hollywood how to do this in a different way if this all works. >> And this comes back to my point around built-in audiences. You know, YouTube has got a million subscribers. That's kind of an old metric. That means they, like an RSS feed kind of model. That's a million people that are, could be, amplifying their network connections. It is a massive built-in audience. The iteration, the DevOps kind of mindset, we talk about cloud computing, can be applied to movies. It's agile movie making. That's what you're talking about. >> Yeah, and by the way, so we have a social network of all the actors and people in the film. So when it's ready, let's go activate our network of all the actors that are in the film. Each of them have a couple million followers. So let's go be smart. Let's, two weeks before the movie, let's send some screenshots. A week before the movie let's show some exclusive videos. Two days before the film, go see it, it's now out in the theaters. You know what, that's pretty, that's 101. We've got actors. We've got producers. Like, let's go use the influencer network we built that actually got the movie made. Let's go on Sports Talk, talk about the movie. Let's go on places like this and talk about how a venture guy made a movie. This is the confluence of all of the pieces all coming together at once. And I just don't think enough people in the film business or in the media business think big enough about going after these audiences. It's oh, we're going to take ads out on TV and I'm going to see my trailer and we're going to do this and that's how we do it. There's so many better ways to get your audience now. >> And this is going to change, just while I've got you here, it's just awesome, awesome conversation. Bringing it back to kind of the CMO in big companies, whether it's consumer or B to B or whatever, movies, the old model of here's our channels. There's certainly this earned media kind of formula and it's not your classic we've got a website, we're going to do all this instrumentation, it's a whole 'nother mechanism. So talk about, in your opinion, the importance of earned media, vis a vis the old other buckets. Owned media, paid media, well-defined Web 1.0, Web 2.0 tactics, earned media is not just how good is our PR? It's actually infrastructure channels, it's networks, a new kind of way to do things. How relevant and how important will this be going forward? Because there's no more website. It's a, you're basically building a media company for this movie. >> That is exactly right. We're building an ad hoc media business. I think this is what the next generation of digital agencies are going to look like. And there are some agencies that we've talked to that really understand all of what you've just said. They are few and far between, unfortunately. >> Yeah, well, Paul, this was theCube. We love talking to people, making it happen. Again, our model's the same as yours. We're open to anyone who's got signal, and you certainly are doing a great job and great to know you and follow your entrepreneur journey, your investment journey, and now your film making journey. Paul Martino, General Pen on Bullpen Capital, with the hot film Inside Game. I'm definitely going to see it. It should be really strong and it's going to be one of those movies like Crazy, Rich Asians, where not looking, not really well produced, I mean not predicted to be great and then goes game buster so I think this is going to be one of those examples. Paul, thanks for coming on. >> Love it, thank you! >> This Cube Conversation, I'm John Furrier here in Palo Alto, California, bringing ya all the action. Venture capitalist turned film maker Paul Martino with the movie Inside Game. I'm John Furrier, thanks for watching. (triumphant music)

(upbeat music) >> Live from San Francisco it's theCUBE. Covering IBM Think 2019. Brought to you by IBM >> Welcome back to theCUBE. I'm Lisa Martin with John Furrier and we are on a rainy San Francisco day. Day three of theCUBE's coverage of IBM Think 2019 here to talk shopping. One of my favorite topics. We have Katie Dunlap VP of Global Unified rather Commerce and Marketing for Bluewolf part of IBM. Katie welcome to theCUBE. >> Welcome, thank you. >> And from Salesforce we have Ben Cesare Senior Director of Global Industry Retail Solutions. Ben it's great to have you on our program. >> How are you? >> Excellent. >> Good. >> Even though we are at the rejuvenated Moscone Center which is fantastic and I think all of the hybrid multi cloud have opened upon San Francisco. >> Right. >> It's a very soggy day. So Katie IBM announced a partnership with Salesforce a couple of years ago. >> Right. >> Just yesterday John and I were chatting. We heard Ginni Rometty your CEO talk about IBM is number one implementer of Salesforce. Talk to us a little bit about the partnership before we get into some specific examples with that. >> So we know that part of that partnership it's really to leverage the best of the technology from Salesforce as well as IBM and ways that we together married together create opportunities for the industry and specifically here today we're talking about retail. >> So on the retail side Salesforce as a great SAS company they keep on blowing the records on the numbers performance wise. SAS business has proven it's a cloud business but retails is a data business. >> Yes. >> So how does IBM look at that? What's the relationship with retail? What's the solution? >> Yeah. >> And what are people looking at Salesforce for retail. >> Yeah, I think it's really important to understand where our strengths are and I think when you talk about Salesforce you talk about Marketing Cloud and Commerce Cloud, Service Cloud. We call that the engagement layer. That's how we can really interact with our consumers with our shoppers. But at the same time to really have a great connection with consumers you need to have great data. You need have great insights. You need to understand what's happening with all the information that drives choices for retailers and that's why the relationship with IBM is absolutely so strong and it is a data driven relationship. Together I guess you can see the customers in the middle. So we have our engagement layer and a data layer. Together we satisfy the customer. >> Lisa what's the solution specifically because obviously you guys going to market together to explain the tactical relationship. You guys join sale, is it an integration? >> Sure. So what we have done given the disruption that's happening right now in the retail space and with the customer at the center of that conversation we've been looking at ways that what the native functionality for Salesforce is Einstein as an intelligent layer and for IBM it's Watson. So where do they complement one another? And so looking at retail with commerce and marketing and service as the center of that conversation and engagement layer. How are we activating and working with a customer from a collection of data information standpoint and activating that data all through supply chain. So the experience is not just the front experience that you and I have when we go to a site it's actually how and when is that delivered to me. If I have an issue how am I going to return that. So we've looked at the entire customer journey and looked at ways that we can support and engage along the way. So for us, we're looking at as you see retail and the way it's evolving is that we're no longer just talking about that one experience where you're actually adding to your cart and your buying. It goes all the way through servicing that customer returning and making sure that information that's specific to me. And if I can choose how I'm going to have that inventory sent to me and those products sent to me. That's exactly what we're looking to do. >> So then the retailer like a big clothing store is much more empowered than they've ever been. Probably really demanded by us consumers who want to be able to do any transaction anywhere started on my phone finish on a tablet, etc. So I can imagine maybe Ben is this like a Watson and Einstein working together to say take external data. Maybe it's weather data for example and combine those external data sources with what a retailer has within their customer database and Salesforce to create very personalized experiences for us shoppers as consumers. >> Right, and where retailers really can grow in terms of the future is really accessing all that data. I think if you look at some of the statistics retailers have up to 29 different systems of records and that's why some of our experiences are very good some of our experiences are not very good. So together if we can collapse that data in a uniform way that really drives personalization, contextual selling so you can actually see what you're buying why you're buying it, why it's just for me. That's the next level and I must say with all the changes in the industry there's some things that will never change and that is consumers want the right product, the right price, the right place and the right time. All enveloped in a great customer experience. That will never change but today we have data that can inform that strategy and when I was a senior merchant at Macy's years ago, I had no data. I had to do a lot of guessing and when mistakes are made that's when retailers have a problem. So if retailers are using data to it's benefit it just make sure that the customer experiences exceptional. And that's what we strive to do together. >> And I can build on that if we're thinking like specifically how we're engaged from a technology perspective. If I'm a merchandiser and I decide I want to run a promotion for New York and I want to make sure before I run that promotion that I have the right inventory and that I not only I'm I creating the right message but I have the information that I need in order to make that successful. One of the things that we partner with Salesforce on is the engagement layer being Salesforce. But in the back end we have access to something called Watson Embedded Business Agent and that business agent actually goes out and talks to all the disparate systems. So it doesn't have to be solutions that are necessarily a homegrown by IBM or Salesforce Watson could actually integrate directly with them and sits on top. So as a merchandiser I can ask the question and receive information back from supply chain. Yes there's enough product in New York for you to run this promotion. It can go out and check to see if there's any disruption that's expected and check in with weather so that as on the back end from an operation standpoint I'm empowered or the right data in order to run those promotions and be successful. >> It's interesting one of the things that comes up with her this expression from IBM. There's no AI without IA information architecture. You talk about systems of record all this silo databases. There's low latency you need to be real time in retail. So this is a data problem, right? So this is where AI really could fit in. I see that happening. The question that I have as a consumer is what's in it for me? Right? So Ben, tell us about the changes in retail because certainly online buying mobile is happening. But what are some of the new experiences that end users and consumers are seeing that are becoming new expectations? What's the big trend in retail? >> Well there's two paths they're your expectations as a consumer, then there's the retailer path and how they can meet your expectations. So let's talk about you first. So what you always want is a great customer experience. That's what you want. And what defines that is are they serving me the products I want when I want them? Are they delivering them on time? Do the products work? If I have a problem, how am I treated? How am I served? And these are all the things that we address with the Salesforce solutions. Now let's talk about the retailer. What's important to the retailer is next retailer myself. It was important that I understood what is my right assortment? And that's hard because you have a broad audience of consumers, you have regional or local requirements. So you want to understand what's the right assortment and working with IBM with their (mumbles) optimizer that helps us out in terms how we promote through our engagement later. That's number one. Number two, how about managing markdowns. This year there were over $300 billion in markdown through retailers. Half of those markdowns 150 billion were unplanned markdowns and that goes right to your P&L. So we want to make sure that the things we do satisfy the consumer but not at the expense of the retailer. The retailer has to succeed. So by using IBM supply chain data information we can properly service you. >> It's interesting we see the trend in retail I mean financial services for early on. >> Yeah. >> High-frequency trading, use of data. That kind of mindset is coming to retail where if you're not a data driven or data architecturally thinking about it. >> Yeah. >> The profit will drop. >> Yeah. >> Unplanned markdowns and other things and inventory variety of things. This is a critical new way to really reimagine retail. >> Yeah retail has become such a ubiquitous term there's retail banking, there's retail in every parts of our life. It's not just the store or online but it's retail everywhere and someone is selling their services to you. So I think the holy grail is really understanding you specifically. And it's not just about historical transact which you bought but behavioral data. What interests you. What are the trends and data has become a much broader term. It's just not numbers. Data is what are your trends? What are you saying on social media? What are you tweeting out? What are you reading.? What videos are you viewing? All that together really gives a retailer information to better serve you. So data is really become exponential in it's use and in it's form. >> So I'm curious what you guys see this retails it's very robust retail use case as driving in the future. We just heard yesterday one of the announcements Watson anywhere. I'm curious leveraging retail as an example and the consumerization of almost any industry because we expect to have things so readily and as you both point out data is commerce. Where do you think this will go from here with Watson Einstein and some of the other technologies? What's the next prime industry that really can benefit from what you're doing in retail? >> I think that I'll start and probably you can add that in as well. But I think that it's going to bleed into everything. So health and life sciences, consumer goods, product goods. We've talked about retail being all different kinds of things right now. Well CPG organizations are actually looking at ways to engage the customer directly and so having access utilizing Watson as a way of engaging and activating data to create insights that you've never thought of before. And so being able to stay a step ahead anticipate the needs stay on the bleeding edge of that interaction so that you're engaging customers in a whole new way is what we see and it's going to be proliferated into all kinds of different industries. >> Yes, every merchant every buyer wants to be able to predict. I mean won't that be incredible be able to see around the corner a bit and and while technologies don't give you the entire answer they can sure get you along the way to make better decisions. And I think with Watson and Einstein it does exactly that. It allows you to really predict what the customers want and that's very powerful. >> I want to get you guys perspective on some trend that we're seeing. We hear Ginni Rometty talk about chapter two of the cloud, you almost say there's a chapter two in retail, if you look at the certainly progressive way out front, doing all the new things. People doing the basics, getting an online presence, doing some basic things with mobile kind of setting the table a foundations, but they stare at the data problem. They almost like so it's a big problem. I know all this systems of record. How do I integrate it all in? So take us through a use case of how someone would attack that problem. Talking about an example a customer or a situation or use case that says okay guys help me. I'm staring at this data problem, I got the foundation set, I want to be a retail have to be efficient and innovative in retail, what do I do? Do I call IBM up, do I call Salesforce? How does that work? Take us through an example. >> So I think the first example that comes to mind is I think about Sally Beauty and how they're trying to approach the market and looking at who they are and many retailers right now because there's such a desire to understand data. Make sure that your cap. Everyone has enough data. But what is the right data to activate and use in that experience. So they came to us to kind of look at are we in the right space because right now everyone's trying to be everything to all people. So how do I pick the right place that I should be and am I in the right place with hair care and hair color? And the answer came back yes. You are in the right space. You need to just dive deeper into that and make sure that that experience online so they used a lot of information from their research on users to understand who their customers are, what they're expecting. And since they sell haircare product that is professional grade. How do I make sure that the customers are getting using it in the proper way. So they've actually created an entire infused way of deciding what exactly hair color you need and for me as a consumer, am I actually buying the right grade level from me and am I using that appropriately. And that data all came from doing the research because they are about to expand out and add in all kinds of things like (mumbles) where you're going into the makeup area but really helping them stay laser focused on what they need to do in order to be successful. >> Because you guys come and do like an audit engage with them on a professional service level. >> Yes, we went end-to-end >> And the buying SAS AI and then they plug in Salesforce. >> Yes, so they actually already had Salesforce. So they had the commerce solution marketing and service. They were fairly siloed so we go back to that whole conversation around data being held individually but not leveraging that as a unit in order to activate that experience for the consumer. What they have decided as a result of our work with them. So we came in and did a digital strategy. We're been involved as an agency of record to support them and how that entire brand strategy should be from an omnichannel perspective in the store, as well as that digital experience and then they actually just decided to go with IBM (mumbles) and use that as a way of activating from an omnichannel order orchestration standpoint. So all the way through that lifecycle we've been engaging them and supporting them and Watson obviously native to Salesforce's Einstein and they're leveraging that but they will be infusing Watson as part of their experience. >> So another benefit that Sally Beauty and imagine other retailers and other companies and other industries, we get is optimizing the use of Salesforce. It's a very ubiquitous tool but you mentioned, I think you mentioned Ben that in the previous days of many, many, many systems of records. So I imagine for Sally Beauty also not just to be able to deliver that personalized customer experience, track inventory but it's also optimizing their internal workforce productivity. But I'm curious-- >> Yes. >> For an organization of that size. What's the time to impact? They come in you guys do the joint implementation, go to market, the consulting, identify the phases of the project, how quickly did Sally Beauty start to see a positive impact on their business? >> I think they... Well there's immediate benefits, right? Because they are already Salesforce clients and so our team our IBM team was able to come in and infuse some best practices and their current existing site. So they've been able to leverage that and see that benefit through all the way through Black Friday and last holiday season. And now what they're seeing is they're on the verge of launching and relaunching their site in the next month and then implementing (mumbles) is a part of that. So they're still on the path in the journey to that success but they've already seen success based on the support that we've provided them. >> And what are some of the learnings you guys have seen with this? Obviously you got existing accounts. They take advantage of this, what are some of the learnings around this new engagement layer and with the data intelligence around AI? What's the learnings have you guys seen? >> Yeah I think the leading thing that I've learned is the power of personalization. It's incredibly powerful. And a good example is one of my favorite grocers and that's Kroger. If we really understand what Kroger has done, I'll talk about their business a bit. I'll talk about what they've been able to do. If you look at someone's shopper basket there's an amazing amount of things you can learn about that. You can learn if they're trying to be fit if they're on a diet. You can learn if their birthdays coming. You can learn if they just had a baby. You can learn so many different things. So with shopper basket analysis, you can understand exactly what coupons you send them. So when I get coupons digital or in my home they're all exactly what I buy. But to do that for 25-30 million top customers is a very difficult thing to do. So the ability to analyze the data, segment it and personalize it to you is extremely powerful and I think that's something that retailers and CPG organizations how they continue to try to do. We're not all the way there. Were probably 30% there I would say but personalization it's going to drive customer for life. That's what it's going to do and that's a massive learning for us. >> And the other thing too Ginni mentioned it in her keynote is the reasoning around the data. So it's knowing that the interest and around the personas, etc. But it's also those surprises. Knowing kind of in advance, maybe what someone might like given their situation-- >> Anticipating. >> And we were talking about this morning. Actually, we're talking about behavioral data and data has taken a different term. >> Data is again what are you doing online what are you talking about, what did you view. What video did you look at. For organizations that have access to that data tells me so much more about your interest right now today. And it's not just about a product but it's about a lifestyle. And if retails could understand your lifestyle that opens the door to so many products and services. So I think that's really what retailers are really into. >> My final question for you guys both of you get the answer. Answer will be great is what's the biggest thing that is going to happen in retail that people may not see coming that's going to be empowering and changing people's lives? What do you guys see as a trend that's knocking on the door or soon to be here and changing lives and empowering people and making them better in life. >> Yeah, I'll jump in on one real quick and I think it's already started but it's really phenomenon of commerce anywhere. Commerce used to be a very linear thing. You'd see an ad some would reach out to you and you buy something. The commerce now is happening wherever you are. You could be tweeting something on Instagram, you could be walking in an airport. You could be anywhere and you can actually execute a transaction. So I think the distance between media and commerce has totally collapsed. It's become real time and traditional media TV, print and radio is still a big part of media. A big part but there's distance. So I think it's the immediacy of media and a transaction. That's really going to take retailers and CPG customers by surprise. >> It changes the direct-to-consumer equation. >> It changes it. It does. >> And I think I would just build on that to say that people have relationships with their brands and the way that you can extend that in this and commerce anywhere is that people don't necessarily need to know they're in that commerce experience. They're actually having a relationship with that individual brand. They're seen for who they are as an individual not a segment. I don't fall into a segment that I'm kind of like this but I'm actually who I am and they're engaging. So the way that I think we're going to see things go as people thinking at more and more out of the box about how to make it more convenient for me and to not hide that it's a commerce experience but to make that more of an engagement conversation that-- >> People centric not person in a database. >> Exactly. >> That's right. >> Moving away from marketing from segmentation and more to individual conversations. >> Yeah I think you said it Ben it's the power of personalization. >> Power of personalization. >> Katie, Ben thanks so much for joining. >> Thank you. >> Talking about what you guys IBM and Salesforce are doing together and we're excited to see where that continues to go. >> Great. >> Thanks so much. >> Our pleasure, thank you. >> We want to thank you for watching theCUBE live from IBM Think 19 I'm Lisa Martin for John Furrier stick around on Express. We'll be joining us shortly. (upbeat music)

>> Announcer: Live from Orlando, Florida, it's theCUBE, covering .conf2018. Brought to you by Splunk. >> Welcome back to .conf2018 everybody, this is theCUBE the leader in live tech coverage. I'm Dave Vellante with Stu Miniman, wrapping up day one and we're pleased to have Bina Khimani, who's the global head of Partner Ecosystem for the infrastructure segments at AWS. Bina, it's great to see you, thanks for coming on theCUBE. >> Thank you for having me. >> You're very welcome. >> Pleasure to be here. >> It's an awesome show, everybody's talking data, we love data. >> Yes. >> You guys, you know, you're the heart of data and transformation. Talk about your role, what does it mean to be the global head Partner Ecosystems infrastructure segments, a lot going on in your title. >> Yes. >> Dave: You're busy. (laughing) >> So, in the infrastructure segment, we cover dev apps, security, networking as well as cloud migration programs, different types of cloud migration programs, and we got segment leaders who really own the strategy and figure out where are the best opportunities for us to work with the partners as well as partner development managers and solution architects who drive adoption of the strategy. That's the team we have for this segment. >> So everybody wants to work with AWS, with maybe one or two exceptions. And so Splunk, obviously, you guys have gotten together and formed an alliance. I think AWS has blessed a lot of the Splunk technology, vice versa. What's the partnership like, how has it evolved? >> So Splunk has been an excellent partner. We are really joined hands together in many fronts. They are fantastic AWS marketplace partner. We have many integrations of Splunk and AWS services, whether it is Kinesis data, Firehose, or Macy, or WAF. So many services Splunk and AWS really are well integrated together. They work together. In addition, we have joined go to market programs. We have field engagement, we have remand generation campaigns. We join hands together to make sure that our customers, joint customers, are really getting the best value out of it. So speaking of partnership, we recently launched migration program for getting Splunk on prem, Splunk Enterprise customers to Splunk Cloud while, you know, they are on their journey to Cloud anyway. >> Yeah, Bina let's dig into that some, we know AWS loves talking about migrations, we dig into all the databases that are going and we talk at this conference, you know Splunk started out very much on premises but we've talked to lots of users that are using the Cloud and it's always that right. How much do they migrate, how much do they start there? Bring us instead, you know, what led to this and what are the workings of it. >> So what, you know if you look at the common problems people have customers have on prem, they are same problems that customers have with Splunk Enterprise on prem, which is, you know, they are looking for resiliency. Their administrator goes on vacation. They want to keep it up and running all the time. They help people making some changes that shouldn't have been made. They want the experts to run their infrastructure. So Splunk Cloud is run by Splunk which is, you know they are the best at running that. Also, you know I just heard a term called lottery proof. So Splunk Cloud is lottery proof, what that means the funny thing is, that you know, your administrator wins lottery, you're not out of business. (laughs) At the same time if you look at the the time to value. I was talking to a customer last night over dinner and they were saying that if they wanted to get on Splunk Enterprise, for their volume of data that they needed to be ingested in Splunk, it would take them six months to just get the hardware in place. With Splunk Cloud they were running in 15 minutes. So, just the time to value is very important. Other things, you know, you don't need to plan for your peak performance. You can stretch it, you can get all the advantages of scalability, flexibility, security, everything you need. As well as running Splunk Cloud you know you are truly cost optimized. Also Splunk Cloud is built for AWS so it's really cost optimized in terms of infrastructure costs, as well as the Splunk licensing cost. >> Yeah it's funny you mentioned the joke, you know you go to Splunk cloud you're not out of a job, I mean what we've heard, the Splunk admins are in such high demand. Kind of running their instances probably isn't, you know a major thing that they'd want to be worrying about. >> Yes, yes, so-- >> Dave: Oh please, go. >> So Splunk administrators are in such a high demand and because of that, you know, not only that customers are struggling with having the right administrators in place, also retaining them. And when they go to Cloud, you know, this is a SAS version, they don't need administrators, nor they need hardware. They can just trust the experts who are really good at doing that. >> So migrations are a tricky thing and I wonder if we can get some examples because it's like moving a house. You don't want to move, or you actually do want to move but it's, you have be planful, it's a bit of a pain, but the benefits, a new life, so. In your world, you got to be better, so the world that you just described of elastic, you don't have to plan for peaks, or performance, the cost, capex, the opex, all that stuff. It's 10 X better, no debate there. But still there's a barrier that you have to go through. So, how does AWS make it easier or maybe you could give us some examples of successful migrations and the business impact that you saw. >> Definitely. So like you said, right, migration is a journey. And it's not always easy one. So I'll talk about different kinds of migration but let me talk about Splunk migration first. So Splunk migration unlike many other migration is actually fairly easy because the Splunk data is transient data, so customers can just point all their data sources to Splunk Cloud instead of Splunk Enterprise and it will start pumping data into Splunk Cloud which is productive from day one. Now if some customers want to retain 60 to 90 days data, then they can run this Splunk Enterprise on prem for 60 more days. And then they can move on to Splunk Cloud. So in this case there was no actual data migration involved. And because this is the log data that people want to see only for 60 to 90 days and then it's not valuable anymore. They don't really need to do large migration in this case it's practically just configure your data sources and you are done. That's the simplest part of the migration which is Splunk migration to Splunk Cloud. Let's talk about different migrations. So... you have heard many customers, you know like Capital One or many other Dow-Jones, they are saying that we are going all in on AWS and they are shutting down their data centers, they are, you know, migrating hundreds of thousands of applications and servers, which is not as simple as Splunk Cloud, right? So, what AWS, you know, AWS does this day in and day out. So we have figured it out again and again and again. In all of our customer interactions and migrations we are acquiring ton of knowledge that we are building toward our migration programs. We want to make sure that our customers are not reinventing the wheel every time. So we have migration programs like migration acceleration program which is for custom large scale migrations for larger customers. We have partner migration programs which is entirely focused on working with SI partners, consulting partners to lead the migrations. As well as we're workload migration program where we are standardizing migrations of standard applications like Splunk or Atlassian, or many of their such standard applications, how we can provide kind of easy button to migrate. Now, when customers are going through this migration journey, you know, it's going to be 10 X better like you said, but initially there is a hump. They are probably needing to run two parallel environments, there is a cost element to that. They are also optimizing their business processes there is some delay there. They are doing some technical work, you know, discovery, prioritization, landing zone creations, security, and networking aspects. There are many elements to this. What we try to do is, if you look at the graph, their cost is right now where this and it's going to go down but before that it goes up and then goes down. So what we try to do is really provide all the resources to take that hump out in terms of technical support, technical enablement, you know, partner support, funding elements, marketing. There are all types of elements as well as lot of technical integrations and quick starts to take that hump out and make it really easy for our customers. >> And that was our experience, we're Amazon customer and we went through a migration about, I don't know five or six years ago. We had, you know, server axe and a cage and we were like, you know, moving wires over and you'd get an alert you'd have to go down and fix things. And so it took us some time to get there, but it is 10 X better now though. >> It is. >> The developers were so excited and I wanted to ask you about, sort of the dev-ops piece of it because that's really, it became, we just completely eliminated all the operational pieces of it and integrated it and let the developers take care of it. Became, truly became infrastructure as code. So the dev-ops culture has permeated our small organization, can't imagine the impact on a larger company. Wonder if you could talk about that a little bit. >> Definitely. So... As customers are going through this cloud migration journey they are looking at their entire landscape of application and they're discovering things that they never did. When they discover they are trying to figure out should I go ahead and migrate everything to AWS right now, or should I a refactor and optimize some of my applications. And there I'm seeing both types of decisions where some customers are taking most of their applications shifting it to cloud and then pausing and thinking now it is phase two where I am on cloud, I want to take advantage of the best of the breed whatever technology is there. And I want to transform my applications and I want to really be more agile. At the same time there are customers who are saying that I'm going to discover all my workload and applications and I'm going to prioritize a small set of applications which we are going to take through transformation right now. And for the rest of it we will lift and shift and then we will transform. But as they go through this transformation they are changing the way they do business. They are changing the way they are utilizing different technology. Their core focus is on how do I really compete with my competition in the industry and for that how can IT provide me that agility that I need to roll out changes in my business day in day out. And for that, you know, Lambda, entire code portfolio, code build, code commit, code deploy, as well as cloud trail, and you know all the things that, all the services we have as well as our partners have, they provide them truly that edge on their industry and market. >> Bina, how has the security discussion changed? When Stu and I were at the AWS public sector summit in June, the CIO of the CIA stood up on stage in front of 10,000 people and said, "The cloud on my worst day from a security perspective "is better than my client server infrastructure "on a best day." That's quite an endorsement from the CIA, who's got some chops in security. How has that discussion changed? Obviously it's still fundamental, critical, it's something that you guys emphasize. But how has the perception and reality changed over the last five years? >> Cloud is, you know, security in cloud is a shared responsibility. So, Amazon is really, really good at providing all the very, very secure infrastructure. At the same time we are also really good at providing customers and business partners all of the tools and hand-holding them so that they can make their application secure. Like you said, you know, AWS, many of the analysts are saying that AWS is far more secure than anything they can have within their own data center. And as you can see that in this journey also customers are not now thinking about is it secure or not. We are seeing the conversation that, how in fact, speaking of Splunk right, one customer that I talked to he was saying that I was asking them why did you choose Splunk cloud on AWS and his take was that, "I wanted near instantaneous SOA compliant "and by moving to Splunk cloud on AWS "I got that right away." Even I'm talking to public sector customers they are saying, you know, I want fair DRAM I want in healthcare industry, I want HIPPA Compliance. Everywhere we are seeing that we are able to keep up with security and compliance requirements much faster than what customers can do on their own. >> So they, so you take care of, certainly from the infrastructure standpoint, those certifications and that piece of the compliance so the customer can worry about maybe some of the things that you don't cover, maybe some of their business processes and other documentation, ITIL stuff that they have to do, whatever. But now they have more time to do that presumably 'cause that's check box, AWS has that covered for me, right? Is that the right thinking? >> Yes, plus we provide them all the tools and support and knowledge and everything so that they, and even partner support who are really good at it so that not only they understand that the application and infrastructure will come together as entire secure environment but also they have everything they need to be able to make applications secure. And Splunk is another great example, right? Splunk helps customer get application level security and AWS is providing them infrastructure and together we are working together to make sure our customers' application and infrastructure together are secure. >> So speaking about migrations database, hot topic at a high level anyway, I wonder if you could talk about database migrations. Andy Jassy obviously talks a lot about, well let's see we saw RDS on Prim at VMworld, big announcement. Certainly Aurora, DynamoDB is one of the databases we use. Redshift obviously. How are database migrations going, what are you doing to make those easier? >> So what we do in a nutshell, right for everything we try to build a programatic reputable, scalable approach. That's what Amazon does. And what we do is that for each of these standard migrations for databases, we try to figure out, that let's take few examples, and let's figure out Play Books, let's figure out runbooks, let's make sure technical integrations are in place. We have quick starts in place. We have consulting partners who are really good at doing this again and again and again. And we have all the knowledge built into tools and services and support so that whenever customers want to do it they don't run into hiccups and they have really pleasant experience. >> Excellent. Well I know you're super busy thanks for making some time to come on theCUBE I always love to have AWS on. So thanks for your time Bina. >> Thank you very nice to meet you both. >> Alright you're very welcome. Alright so that's a wrap for day one here at Splunk .conf 2018, Stu and I will be back tomorrow. Day two more customers, we got senior executives coming on tomorrow, course Doug Merritt, always excited to see Doug. Go to siliconangle.com you'll see all the news theCUBE.net is where all these videos live and wikibon.com for all the research. We're out day one Splunk you're watching theCUBE we'll see you tomorrow. Thanks for watching. >> Bina: Thank you. (electronic music)

>> From San Francisco, it's theCUBE covering Sumo Logic Illuminate 2018. (techy music) Now here's Jeff Frick. >> Hey, welcome back, everybody. Jeff Frick here with theCUBE. We're at the Hyatt Regency, San Francsico International Airport in Burlingame. It's Sumo Logic Illuminate 2018, about 600 people, I think it's three times bigger than the conference last year, it's growing really fast. They got a really interesting thing going on with kind of the silent disco. All the sessions are in one room, everybody's got different headphones on so you can listen to any session. I've never, never seen that before, but we're excited to have a partner of theirs on a big announcement today. He's Eldon Sprickerhoff, the founder of eSentire, welcome. >> Jeff, great to be here. >> Absolutely, so you guys had a big announcement today, what was your big announcement? >> So, we have formally partnered with Sumo Logic to work on, so extend our visibility into native applications, cloud, and everything within a hybrid security. >> Okay, so let's back up a little bit for folks-- >> Sure. >> That aren't familiar with eSentire, what are you guys all about, how long have you been around, what's your core business? >> Sure, so we're a manage, detection, and response firm. So, basically we're looking at the attacks that made it through all the infrastructure that was currently in place. You know, firewalls and web application firewalls, and everything that you put in place, and I used to call it embedded incident response, but the idea is to hunt for the attacks as they're going on, so time is a very, you know, of the essence to detect these attacks and shoot them down. We've been in business for, it's almost 17 years. So, it was in 2001, and this is, you know, the biggest thing was, at the time, to have full visibility into attacks, be able to play back attacks, to be able to build our own threat intelligence, and so on. This is, so you know, over 15 years worth of this kind of practice and process put into place, it's something that was very revolutionary at the time and the market is just sort of catching up to it now. >> Right, right, now the other thing that of course changed significantly since 17 years ago was public cloud and the adoption of public cloud, private cloud, hybrid cloud, so how has that really changed your market? Was that a great new opportunity? I assume your original solution was on-prem >> Yep. >> Suddenly now all these workloads are moving to the proud, so how did you, or cloud, how did you guys respond to that? >> You know, so we know that, again, logging is a very important piece of getting full visibility into attacks that are going on in the network. The move into the cloud, of course, it's inevitable. You know, it's never going to be stopped, and it's something where we had a chance to sit back and we said, "Look, we recognize "that there's a need for this kind of visibility. "We don't want to build it ourselves." Some of our strength has come from building up the data analytics, and so on, that you'll, from the various signals that we get-- >> Right. >> What we're going to end up doing, you know, rather than building it ourselves, let's find the partner that can do it the best and see what is the most complementary to our methodology and our process, and so we looked at about a dozen different firms that offered this kind of thing and went with Sumo Logic as a result. You know, one of the biggest pieces was even, you know, a lot of our clients are in the mid-size market. They're not as necessarily enthusiastic about moving to cloud, although pretty much everybody has some kind of hybrid piece there. Even our most, you know, anti-cloud clients said, you know, basically in five years 70% plus of our apps and our workload will be in the cloud, but they're not in any necessarily in a rush to get there. >> Right, right. >> So, again, this was a realization that it's not going to go away. We need to find a partner that, again, works best with our sort of data analytics pipeline and the same kind of thought process behind that, and you know, not being hampered by the... You know, necessarily being on-prem, and that was, again, that was why we eventually-- >> Right. >> We went with Sumo Logic. >> So, how's your business changed fundamentally in this kind of hybrid cloud world? We also have all this crazy, you know, API economy, everything is connected to everything else, and then you've got this kind of interesting attribute of many cloud workloads, which is they don't last very long, or they change very, very quickly. They blow up, they come down, they're turned on, they turn off. How has that impacted the way you guys get your work done? >> So, you know, we're very comfortable with ephemeral workloads and attacks, but the idea of being, again, being able to respond very quickly to threats, even, you know, given servers that are, again, very short-lived, makes it even more important that the data that we pull from our existing clients and other vectors, you know, such as, you know, indicators of compromise or indicators of concern, that we can move very quickly, that we don't have the luxury of, you know, the next day getting analysis-- >> Right. >> Or sort of a nine-to-five sort of analysis and response window. That shrinks the windows even down further. >> Right, so the other thing that's pretty interesting... You know, you just said you've got like 15, 18 years worth of data. How much of that can you use to build machine learning and AI to see, you know, kind of patterns, things you've seen before, and to build some of that intelligence behind... I always think of the poor guy that rips off a bank for the first time, right? >> Right. >> It's his first time, he needed some cash, he got stupid and went in and grabbed... >> Right. >> But the policeman has seen that thing, (chuckles) you know-- >> And methodology-- >> A thousand times, right? >> Right, right right, right, yeah. >> He knows exactly where to look. He knows right where the bodies are buried, so I would imagine you've got a tremendous amount of insight that you guys can leverage in your own kind of threat detection and threat analysis. >> Yeah, yeah, that's exactly... So, you know, my role as the chief innovation officer is to drive value out of the data that we've gathered, and we've, you know, again, when we have, you know, petabytes across our client base of stored data, whether it's attack data or metadata. I said, "There's a lot of gold in them "thar hills." >> Right, right. >> And you know, part of it is do we have the right tooling to be able to access and use that data? What kind of inferences can we make from things we've seen before? So, you know, sort of like the broken windows methodology so that you expect that a certain neighborhood will be, is more likely to be attacked, and so on. So, it's a very exciting time to be in this space, right? >> Right. >> And again, given the, you know, almost 17 years worth of data and knowledge and process, I think we have a headstart against our competitors, our, you know, would-be competitors, and having access to this data and sort of the tooling to access this data that we're getting from Sumo Logic, is going to be critical in our success. >> Right, so don't share any trade secrets, but I'm curious how the strategies for the bad guys have evolved when they know that a significant amount of what they're going after sits in a public cloud that's got a whole nother layer of security and infrastructure that's been put in place by Azure or AWS or GCP. >> Yep. >> How has that changed the way that they attack those opportunities, and then how has that impacted your business and what you're doing about it? >> You know, so there's a lot of sort of interesting use cases, edge cases, that come out of this. Some of the things that we've seen that are, again, sort of challenges will be that there's attackers that have gotten quite a bit more sophisticated, and rather than going off into sort of edge cases, like one by one attacks that they go up a level and they're attacking the infrastructure themselves. So, you know, we're seeing cases where... Even this year we discovered an attack against a management of endpoint solutions, so it's of packaging of software that goes out into endpoints, and they attacked that vendor in the cloud themselves, so that was hosted, you know, a hosted solution that you would not necessarily have seen unless you were looking for some very unusual characteristics, and this is not your, you're not going to get that from the public cloud. You know, given that shared model in a cloud, you're responsible for a good portion of the infrastructure that you support. >> Right. >> It requires, it means that you have to get past sort of things like well known signatures and you really have to focus on more of the unusual behavior, build up a baseline, and then be able to dig deep into the attack vectors, and you know, every single part of the layer that, you know, whether it, not just sort of IP addresses that are bad, but it's... It requires, again, as more visibility in places that you may not necessarily have visibility. You know, so every cloud vendor that, you know, that is, especially the big three, they're ramping up their, the data that's available. >> Right. >> So, I think AWS still leads with, you know, a lot of things with Macy recently from the machine learning piece, so they're trying to give more visibility, and what you do with that data is what's critical. >> Right. >> Once you, you know, once they give you that visibility, what can you do with that data? Can you rapidly make decisions on it and be able to push that out across a complete client base? >> Right, so I'd love to get your perspective again, you've been doing this for a long time, on kind of the change of the landscape from the kid hacker who's going to go in and change his grade from a C to a B-- >> Yep, yep. >> Or he's playing games or he wants to put some splashy page up. >> Right. >> So, now, you know, state sponsored hackers, which you know are much more strategic, much better resourced, much more sophisticated. You know, how have you seen that kind of evolve and how has, are you and the industry been responding directly to that? >> Yeah, so we've seen, again, some really incredible nation state attack vectors. You know, some of the most sophisticated tooling that you can imagine we've seen from... And it's difficult, often, to be able to say that's absolutely nation state, right? Attribution is always tough-- >> Right. >> And I'm loathe to do this. There are cases that, you know, across our client base, that we have seen attacks that were so sophisticated and with a purpose, like a very fine purpose. They only could've been from nation state. It is the most, you know, without having to go out on a limb at all. >> Right. >> It just makes sense, and so it is incredible how determined and how well-tooled these attack vectors are. >> Right. >> And this is, this is not hyperbole, I'm a zero hyperbole guy. >> Right, right. And I assume the safe assumption, probably the good working assumption just like no-trust networking, is you're going to get breached somehow, some way, sometime. >> Yep, yep. >> And it's really about identifying it, responding to it, shutting it off, and trying to keep that window closed for the next time around. >> You know, I even go so far as to say it's not a question of when, like you are. >> Right, you are, they're already in, right? You just haven't found them yet. (laughs) >> Somebody, yeah, somebody, whether it's an external vector, you know, or an insider, there's, you know... The odds are good if you are of any reasonable size, there's somebody who's doing something they should not. >> Right, right, all right, so last question. >> Yeah. >> We were just at AT&T Spark's event earlier this week talking about 5G, right, and 5G is coming. They did their first call, AT&T's rolling out to all these cities. >> Right. >> So, 5G and IoT and industrial IoT are suddenly going to multiply your threat-- >> Attack base, yep. >> Attack base by orders of magnitude. What are, you know, kind of what are some of your thoughts as an industry veteran, how are you preparing for that? Do people really understand what's coming down the pike with 5G? I don't think they do. >> Not at all, not at all. (laughs) You know, when we're talking about, again, the biggest things that we're working on right now are how do we deal with scale and visibility of signals, so you know, a lot of systems do a great job of generating signals, but they're not necessarily equipped to deal with the response piece, and that's, those are some of the challenges that we're dealing with. How do you deal with the increased in scale and increase of vector, of number of vectors, attackers, and the size of the attack space themselves. >> Crazy, crazy stuff coming. (laughs) >> It's a great time to be in this industry. >> That's true, all right, Eldon, well, congrats on the announcement and thanks for taking a few minutes with us today. >> Thank you very much. >> All right, he's Eldon, I'm Jeff, you're watching theCUBE. We're at Sumo Logic Illuminate 2018, thanks for watching. (techy music)

>> Live from San Francisco, it's The Cube. Covering Google Cloud Next 2018 brought to you by Google Cloud and its ecosystem partners. >> Welcome back everyone, it's The Cube live in San Francisco. At Google Cloud's big event, Next 18, GoogleNext18 is the hashtag. I'm John Furrier with Jeff Frick, our next guest, Dave Rensin, director of CRE and network capacity at Google. CRE stands for Customer Reliability Engineering, not to be confused with SRE which is Google's heralded program Site Reliability Engineering, categoric changer in the industry. Dave, great to have you on. Thanks for coming on. >> Thank you so much for having me. >> So we had a meeting a couple months ago and I was just so impressed by how much thought and engineering and business operations have been built around Google's infrastructure. It's a fascinating case study in history of computing, you guys obviously power yourselves and the Cloud is just massive. You've got the Site Reliability Engineer concept that now is, I won't say is a boiler plate, but it's certainly the guiding architecture for how enterprise is going to start to operate. Take a minute to explain the SRE and the CRE concept within Google. I think it's super important that you guys, again pioneered, something pretty amazing with the SRE program. >> Well, I mean, like everything it was just formed out of necessity for us. We did the calculation 12 or 13 years ago, I think. We sat down a piece of paper and we said, well, the number of people we need to run our systems scales linearly with the number of machines, which scales linearly with the number of users, and the complexity of the stuff you're doing. Alright, carry the two divide by six, plot line. In ten years, now this is 13 or 14 years ago, we're going to need one million humans to run google. And that was at the growth and complexity of 10 years ago or 12 years ago. >> Yeah, Search. (laughs) >> Search, right? We didn't have Android, we didn't have Cloud, we didn't have Assistant, we didn't have any of these things. We were like, well that's not going to work. We're going to have to do something different and so that's kind of where SRE came from. It's like, how do we automate, the basic philosophy is simple, give to the machines all the things machines can do. And keep for the humans all the things that require human judgment. And that's how we get to a place where like 2,500 SREs run all of Google. >> And that's massive and there's billions and billions of users. >> Yeah. >> Again, I think this is super important because at that time it was a tell sign for you guys to wake up and go, well I can't get a million humans. But it's now becoming, in my opinion, what this enterprise is going through in this digital transformation, whatever we call it these days, consumer's agent of IT now it's digital trasfor-- Whatever it is, the role of the human-machine interaction is now changing, people need to do more. They can collect more data than ever before. It doesn't cost them that much to collect data. >> Yeah. >> We just heard from the BigQuery guys, some amazing stuff happening. So now enterprises are almost going through the same changeover that you guys had to go through. And this I now super important because now you have the tooling and the scale that Google has. And so it's almost like it's a level up fast. So, how does an enterprise become SRE like, quickly, to take advantage of the Cloud? >> So, you know, I would like to say this is all sort of a deliberate march of a multi-year plan. But it wasn't, it was a little accidental. Starting two or three years ago, companies were asking us, they were saying, we're getting mired in toil. Like, we're not being able to innovate because we're spending all of our budget and effort just running the things and turning the crank. How do you have billions of users and not have this problem? We said, oh we use this thing called SRE. And they're like please use more words. And so we wrote a book. Right? And we expected maybe 20 people would read the book, and it was fine. And we didn't do it for any other reason other than that seemed like a very scalable way to tell people the words. And then it all just kind of exploded. We didn't expect that it was going to be true and so a couple of years ago we said, well, maybe we should formalize our interactions of, we should go out proactively and teach every enterprise we can how to do this and really work with them, and build up muscle memory. And that's where CRE comes from. That's my little corner of SRE. It's the part of SRE that, instead of being inward focused, we point out to companies. And our goal is that every firm from five to 50 thousand can follow these principles. And they can. wW know they can do it. And it's not as hard as they think. The funny thing about enterprises is they have this inferiority complex, like they've been told for years by Silicon Valley firms in sort of this derogatory way that, you're just an enterprise. We're the innovate-- That's-- >> Buy our stuff. Buy our software. Buy IT. >> We're smarter than you! And it's nonsense. There are hundreds and hundreds of thousands of really awesome engineers in these enterprises, right? And if you just give them a little latitude. And so anyway, we can walk these companies on this journey and it's been, I mean you've seen it, it's just been snowballing the last couple of years. >> Well the developers certainly have changed the game. We've seen with Cloud Native the role of developers doing toil and, or specific longer term projects at an app related IT would support them. So you had this traditional model that's been changed with agile et cetera. And dev ops, so that's great. So you know, golf clap for that. Now it's like scale >> No more than a golf clap it's been real. >> It's been a high five. Now it's like, they got to go to the next level. The next level is how do you scale it, how do I get more apps, how am I going to drive more revenue, not just reduce the cost? But now you got operators, now I have to operate things. So I think the persona of what operating something means, what you guys have hit with SRE, and CRE is part of that program, and that's really I think the aha moment. So that's where I see, and so how does someone read the book, put it in practice? Is it a cultural shift? Is it a reorganization? What are you guy seeing? What are some of the successes that you guys have been involved in? >> The biggest way to fail at doing SRE is try to do all of it at once. Don't do that. There are a few basic principles, that if you adhere to, the rest of it just comes organically at a pace that makes sense for your business. The easiest thing to think of, is simply-- If I had to distill it down to a few simple things, it's just this. Any system involving people is going to have errors. So any goal you have that assumes perfection, 100% uptime, 100% customer satisfaction, zero error, that kind of thing, is a lie. You're lying to yourself, you're lying to your customers. It's not just unrealistic its, in a way kind of immoral. So you got to embrace that. And then that difference between perfection and the amounts, the closeness to perfection that your customers really need, cuz they don't really need perfection, should be just a budget. We call it the error budget. Go spend the budget because above that line your customers are indifferent they don't care. And that unlocks innovation. >> So this is important, I want to just make sure I slow down on this, error budget is a concept that you're talking about. Explain that, because this is, I think, interesting. Because you're saying it's bs that there's no errors, because there's always errors, Right? >> Sure. >> So you just got to factor in and how you deal with them is-- But explain this error budget, because this operating philosophy of saying deal with errors, so explain this error budget concept. >> It comes from this observation, which is really fascinating. If you plot reliability and customer satisfaction on a graph what you will find is, for a while as your reliability goes up, your customer satisfaction goes up. Fantastic. And then there's a point, a magic line, after which you hit this really deep knee. And what you find is if you are much under that line your customers are angry, like pitchforks, torches, flipping cars, angry. And if you operate much above that line they are indifferent. Because, the network they connect with is less reliable than you. Or the phone they're using is less reliable than you. Or they're doing other things in their day than using your system, right? And so, there's a magic line, actually there's a term, it's called an SLO, Service Level Objective. And the difference between perfection, 100%, and the line you need, which is very business specific, we say treat as a budget. If you over spend your budget your customers aren't happy cuz you're less reliable than they need. But if you consistently under spend your budget, because they're indifferent to the change and because it is exponentially more expensive for incrementive improvement, that's literally resources you're wasting. You're wasting the one resource you can never get back, which is time. Spend it on innovation. And just that mental shift that we don't have to be perfect, less people do open and honest, blameless postmortems. It let's them embrace their risk in innovation. We go out of our way at Google to find people who accidentally broke something, took responsibility for it, redesigned the system so that the next unlucky person couldn't break it the same way, and then we promote them and celebrate them. >> So you push the error budget but then it's basically a way to do some experimentation, to do some innovation >> Safely. >> Safely. And what you're saying is, obviously the line of unhappy customers, it's like Gmail. When Gmail breaks people are like, the World freaks out, right? But, I'm happy with Gmail right now. It's working. >> But here's the thing, Gmail breaks very, very little. Very, very often. >> I never noticed it breaking. >> Will you notice the difference between 10 milliseconds of delivery time? No, of course not. Now, would you notice an hour or whatever? There's a line, you would for sure notice. >> That's the SLO line. >> That's exactly right. >> You're also saying that if you try to push above that, it costs more and there's not >> And you don't care >> An incremental benefit >> That's right. >> It doesn't effect my satisfaction. >> Yeah, you don't care. >> I'm at nirvana, now I'm happy. >> Yeah. >> Okay, and so what does that mean now for putting things in practice? What's the ideal error budget, that's an SLO? Is that part of the objective? >> Well that's part of the work to do as a business. And that's part of what my team does, is help you figure out is, what is the SLO, what is the error budget that makes sense for you for this application? And it's different. A medical device manufacturer is going to have a different SLO than a bank or a retailer, right? And the shapes are different. >> And it's interesting, we hear SLA, the Service Level Agreement, it's an old term >> Different things. >> Different things, here objective if I get this right, is not just about speed and feeds. There's also qualitative user experience objectives, right? So, am I getting that right? >> Very much so. SLOs and SLAs get confused a lot because they share two letters. But they don't mean anywhere near the same thing. An SLA is a legal agreement. It's a contract with your user that describes a penalty if you don't meet a certain performance. Lawyers, and sometimes sales or marketing people, drive SLAs. SLOs are different things driven by engineers. They are quantitative measures of your users happiness right now. And exactly to your point, it's always from the user's perspective. Like, your user does not care if the CPU and your fleet spiked. Or the memory usage went up x. They care, did my mail delivery slow down? Or is my load balancer not serving things? So, focus from your user backwards into your systems and then you get much saner things to track. >> Dave, great conversation. I love the innovation, I love the operating philosophy cuz you're really nailing it with terms of you want to make people happy but you're also pushing the envelope. You want to get these error budgets so we can experiment and learn, and not repeat the same mistake. That sounds like automation to me. But I want you to take a minute to explain, what SRE, that's an inward facing thing for Google, you are called a CRE, Customer Reliability Engineer. Explain what that is because I heard Diane Greene saying, we're taking a vertical focus. She mentioned healthcare. Seems like Google is starting to get in, and applying a lot of resources, to the field, customers. What is a CRE? What does that mean? How is that a part of SRE? Explain that. >> So a couple of years ago, when I was first hired at Google I was hired to build and run Cloud support. And one of the things I noticed, which you notice when you talk to customers a lot, is you know the industries done a really fabulous job of telling people how to get to Cloud. I used to work at Amazon. Amazon is a fantastic job! Telling people, how do you get to Cloud? How do you build a thing? But we're awful, as an industry, about telling them how to live there. How do you run it? Cuz it's different running a thing in a Cloud than it is running it in On-Prem. And you find that's the cause of a lot of friction for people. Not that they built it wrong, but they're just operating it in a way that's not quite compatible. It's a few degree off. And so we have this notion of, well we know how to operate these things to scale, that's what SRE is. What if, what if, we did a crazy thing? We took some of our SREs and instead of pointing them in at our production systems, we pointed them out at customers? Like what if we genetically screened our SREs for, can talk to human, instead of can talk to machine? Which is what you optimize for when you hire an engineer. And so we started Siri, it's this part of our SRE org that we point outwards to customer. And our job is to walk that path with you and really do it to get like-- sometimes we go so far as even to share a pager with you. And really get you to that place where your operations look a lot like we're talking that same language. >> It's custom too, you're looking at their environment. >> Oh yeah, it's bespoke. And then we also try to do scale things. We did the first SRE book. At the show just two days ago we launched the companion volume to the book, which is like-- cheap plug segment, where it's the implementation details. The first book's sort of a set of principles, these are the implementation details. Anything we can do to close that gap, I don't know if I ever told you the story, but when I was a little kid when I was like six. Like 1978, my dad who's always loved technology decided he was going to buy a personal computer. So he went to the largest retailer of personal computers in North America, Macy's in 1978, (laughs) and he came home with two things. He came home with a huge box and a human named Fred. And Fred the human unpacked the big box and set up the monitor, and the tape drive, and the keyboard, and told us about hardware and software and booting up, because who knew any of these things in 1978? And it's a funny story that you needed a human named Fred. My view is, I want to close the gap so that Siri are the Freds. Like, in a few years it'll be funny that you would ever need humans, from Google or anyone else, to help you learn how-- >> It's really helping people operate their new environment at a whole. It's a new first generation problem. >> Yeah. >> Essentially. Well, Dave great stuff. Final question, I want to get your thoughts. Great that we can have this conversation. You should come to the studio and go more and more deeper on this, I think it's a super important, and new role with SRES and CREs. But the show here, if you zoom out and look at Google Cloud, look down on the stage of what's going on this week, what's the most important story that should be told that's coming out of Google Cloud? Across all the announcements, what's the most important thing that people should be aware of? >> Wow, I have a definite set of biases, that won't lie. To me, the three most exciting announcements were GKE On-Prem, the idea that manage kubernetes you can actually run in your own environment. People have been saying for years that hybrid wasn't really a thing. Hybrid's a thing and it's going to be a thing for a long time, especially in enterprises. That's one. I think the introduction of machine learning to BigQuery, like anything we can do to bring those machine learning tools into these petabytes-- I mean, you mentioned it earlier. We are now collecting so much data not only can we not, as companies, we can't manage it. We can't even hire enough humans to figure out the right questions. So that's a big thing. And then, selfishly, in my own view of it because of reliability, the idea that Stackdriver will let you set up SLO dashboards and SLO alerting, to me that's a big win too. Those are my top three. >> Dave, great to have you on. Our SLO at The Cube is to bring the best content we possibly can, the most interviews at an event, and get the data and share that with you live. It's The Cube here at Google Cloud Next 18 I'm John Furrier with Jeff Frick. Stay with us, we've got more great content coming. We'll be right back after this short break.

(lively music) >> Announcer: It's the CUBE, covering SAPPHIRE NOW 2017, brought to you by SAP cloud platform and HANA Enterprise Cloud. >> Welcome back, everybody. Jeff Frick here with the CUBE with our ongoing coverage of SAP SAPPHIRE 2017 down in Orlando. Really exciting day today, day two, 'cause we got to see Hasso Plattner. Got up and gave his keynote. Joined by George Gilbert. George, great to see you. I know you've known Hasso for years and years and years. Impressions of the kfeynote. God, there is so much stuff that we can dig into. I'm looking forward to it. >> Hasso almost never disappoints, 'cause he's just got %a richness of history and of vision that goes all the way back to the beginning. He was probably the technical visionary from the very beginning. He was the guy who took them from the first super integrated mainframe ERP package all the way to the client server age with R3, and now beyond into sort of in-memory, cloud ready, and with machine learning and iOT baked in. >> But he really speaks like a developer. You can really tell that he likes the technology, he understands the technology, he's kind of a no-BS guy. Some of the Q&A afterwards, people were trying to trip him up and challenge him on stuff. And he would either say, "I don't know," or, "I don't believe that," or, "Here's our impression." Really you could tell he's a humble guy, smart guy, and really has a grasp of what the heck is going on here. Let's jump into it. So many themes we could talk about. But the one that started out early in the conversation was, he literally said, "We need to get as quickly "to the cloud as possible." This is coming from a guy who built the company based on on prem ERP heavy lifting. And even he said today, 2017, "We need to get to the cloud as quickly as possible." >> I think there are a few things going on behind there, when you unpack it. One is, they did start building for the cloud in the early 2000's. It was meant to be a product for the mid-market. In fact, actually its first objective wasn't to be cloud-ready. The first objective was to be highly configurable so that you could bend it to the needs of many customers without customizing it, because typically with the customizations, it made it very difficult to upgrade. In making it configurable first and cloud-read second, they kind of accomplished neither. But they learned a lot. So they started on this next version, which was, okay, we're going to take an in-memory database which we're building from the ground up, 'cause Oracle wasn't building it at the time, and then we're going to build SAP ERP from scratch on top of this new database, 'cause database was so high performance that they didn't have to sepyarate analytics from transactions the way traditionally you do, you had to do in all applications. So they could simplify the app. Then, in simplifying it, they could make it easier to run in the cloud. And now, just like Oracle, just like Microsoft, they now build cloud first and on-prem second, because by building it cloud first, it sort of simplifies the assumptions that you have to make. >> Right, and he talked quite a bit about so much effort now is around integration connectors, to get stuff in and out of this thing. And that's a big focus, he said. It's not that we're ignoring it, it's just a big, hard, hairy problem that we're attacking. >> Yeah, and this is interesting and there's a lot of history behind this. Oracle, in the 90s, up until about the late 90s, their greatest success was in their industry-specific applications, where they took different modules from different vendors and stitched them together. That was how they built, like, a special solution for a consumer package goods company. But it turned out that that wasn't really workable because the different modules for the different vendors6 upgraded at different rates. So there was no way coherently to integrate them and tie them together. And SAP had said that all along. They were, like, this wasn't going to work. Fast forward to the last five-plus years, SAP started buying products from a bunch of different vendors, Ariba, SuccessFactors, Concur, Hybris. So you're, like, "Aren't they doing the same thing "Oracle did 10 year, 15 years before?" But no, and this is what Hasso was talking about today, which was, once those apps are in the cloud, you only have to build the integration points once. It's not like when it's on every customer's data center, you have to build integrations that work for every version that every customer has. So I think that's what he was talking about. You put it all in the cloud, you integrate it once. >> Another thing that he talked, he really, he spoke in tweets. (mumbles) goes to buy Twitter feed, I was basically, like, bang, bang, bang as he was talking. He talked about databases, and databases in the cloud. Nobody cares, right? It's a classic theme we hear over and over. "We presume it works. "We just want it to work." You know, it should just work. Nobody really cares what the underlying database is. >> But he was, in those cases, referring to these purchased apps, Concur, SuccessFactors, Ariba, Hybris. He was, like, "Some of them work on SQLServer, "some of 'em work on Oracle. "But you know what? "Until we get around to upgrading them to HANA, "it doesn't matter because you, the customer, "don't know that." If they were on prem and you had to support all those different databases, it might be a different story. But he's, like, "We'd rather give you the functionality "that's baked into them now "and get around to upgrading the databases later." >> Another thing that came up, and he actually reference the conversation with Michael Dell from yesterday's keynote, about the evolution of compute horsepower. You know, you had CPUs and CPUs kind of topped out. Then you had multicore CPUs. Now we have GPUs that he said you can put 10s or 100s of 1,000s on the board at one time. Basically he's smart guy, he's down the road a few steps from delivering today's product, saying that, you know, we're basically living in a era of unlimited free compute and kind of asymptotically approaching. But that's where we are. And how does that really change the way that we look now at new application development. I thought that was a pretty interesting thing. >> And sort of big advances in software architecture come from when you have a big change in the relative cost of compute memory, network storage. So as you were saying, cost of compute is approaching zero. But the same time, the cost of memory relative to storage is coming way down. So not only do you have these really beefy clusters with lots of compute, but you also have lots of memory. He was talking about something like putting 16 terabytes of memory in a server and putting 64 servers in a cluster, and all of a sudden, I can't do that math, being that I was a humanities major, but all of a sudden, you're talking about huge databases where you can crunch through this stuff very, very fast because it's all, you have lots of processors running in parallel and you have lots of memory. >> It's pretty interesting. He made an interesting statement. He used a sailor reference. He said, "You know, we are through the big waves "and now we're in the smooth water," and really saying that all this heavy lifting and now that this cloud architecture is here and we have this phenomenal compute and store technology, that he can kind of take a breath and really refresh a look out into the future as to, how do we build modern apps that have intelligence with basically unlimited resources, and how does that change the way that we go forward? I thought that was an interesting point of view, especially 'cause he has been at it for decades. >> You know, I think he was probably looking back to some of the arrows he had in his back from having done an in-memory database essentially before anyone else did for mission critical apps. I think when he's saying we're out of the choppy water and into the smooth water, because we now have the hardware that lets us run essentially these very resource-intensive databases and the apps on 'em, so that we no longer have to worry, are we overtaxing the infrastructure? Is it too expensive to outfit the hardware for a customer? So his, when he talks about rethinking the apps, he, like, "We don't have to have separate analytical systems "from the transaction systems. "And not only that. "We can simplify because we don't have to have" what he's calling aggregates. In other words, we don't have to, we don't, let's say, take an order and all the line items in an order, and then pre-aggregate all the orders. It's, like, we do that on the fly. And that simplifies things a lot. Then, not only that. Because we have all this memory, we can do, like, machine learning very inexpensively. >> A whole another chapter in his keynote was about modern software design. A lot of really interesting things, especially in the context of SAP, which was a big, monolithic application, hard to learn, hard to understand, hard to manage. I remember a start, that were were (mumbles) using is a core V to C commerce engine. And to add 16 colors of shirts times 10 neck sizes and 10 sleeve sizes was just a nightmare. You're not going to have some merchant that works at Macy's to put that into the system. But he talked about intelligent design, which is pretty interesting. We're hearing that more and more in a lot of work done over at Stanford, intelligent design. He's talking about no manuals. He's, like, "If I can't figure it out, "I need to understand." He talked about intelligent applications that continue to learn as the applications get more data. And specifically, the fact that machines don't get bored testing 100s or 1,000s or even millions of scenarios and grinding through those things to get the intelligence to start to learn about what's going on. So a very different kind of an application, both development, delivery approach, than what we think of historically as R3. >> Yeah, like the design thinking was, they have this new UI called Fiori. I mean, if you go back 10, 15 years, let's say, when they started, 15 years, when they started trying to put browser-based user interfaces on what was a client server system, they had 10s and 10s of 1,000s of forms-based screens. They had to convert them one by one to work in a browser. I think what he's saying now is, they can mock up these prototypes in a simple tool and they can essentially recreate the UI. It's not going to be the exact same forms, but they can recreate the UI to the entire system so that it's much more accessible. On the machine learning front, he was talking about one example was, like, matching up invoices that you going to have to pay. So that you going to train the system with all these invoices. It learns how to essentially do the OCR, recognize the text. And it gets smarter to the point where it can do 95% of it without-- >> Human interaction. >> Yeah, human inter-. >> You know, it's interesting, we were at Service Now last week, as well. And they are using AI to do relatively mundane tasks that people don't want to do, that machines are good at, things like categorization and assignment and things that are relatively straightforward processes but very time-consuming and again, if you can get to a 70% solution, 80% solution, 90% solution, to free people up to do other things on the stuff that's relatively routine. Right, if the invoice matches the anticipated bill in the system, pay it. Does somebody really have to look at it? So I thought that was really interesting. Something I want to dig in with you, he talked a lot about data, where the data lives, data gravity. He even said that he fought against data warehousing in the 90s and lost. A lot of real passionate conversation about where is data and how should apps interact with data, and he's really against this data replication and a data lake and moving this stuff all around, but having it kind of central. Want to just get your thoughts on that history. What do you think he means now, and where's that going? >> It's a great question. There's a lot of history behind that. Not everyone would remember, but there was an article in Fortune Magazine in the late 90s, where it described him getting up in a small conference of software CEOs, enterprise software CEOs, and he said basically, "We're going to grind you into dust, "because everything comes in our system integrated. "And if you leave it up to the customer "to try and stitch all this stuff together, "it's going to be a nightmare." And that was back when everyone was thinking, "One company can't do it all." And the reality was, that was the point in time where we really had given go past go, collect $200, to every best-of-breed little software vendor. It did prove out over the next decade that the fewer integration points there were, that it meant much lower cost of ownership for the customer. Not only lower cost of ownership, but better business process integration, 'cause you had the (mumbles) integration. I bring this up because, well, actually, I was there when he said it. (laughs) But I bring it up because he's essentially saying the same thing now, which is, "We'll put all the machine learning technology, "the building blocks, in SAP. "If you need any contextual data, "bring it into our system. "You don't want to take our data out "and put it into all these other machine learning programs "'cause there's security issues, "there's, again, the breakdown "in the business process integration." He did acknowledge that with data warehouses, if you have 100s of other sources, yes, you may need a external data warehouse. But I think that he's going to find with machine learning the greatest value with the data that you use in machine learning is when you're always adding richer and richer contextual data. That contextual data means you're getting it from other sources. I don't think he's going to win this battle in terms of keeping most of it within SAP. >> It kind of bring up this other intersection that he talked about. In now delivering SAP as a cloud application, he said, "Now we have to learn how to run our application, "not our customers," a very different way of looking at the world. The other thing that piggybacks off of what you just said is, we've seen this trend towards configuration, not customization. It used to be probably, back in the days, if you had the big SI's, they loved customization, 'cause it's a huge project, multi-years. I used to talk to one of our center partners, like, "How do you manage a multi-year SAP project "when most the people that started it "probably aren't even there the day you finish it?" But he had a specific quote I wanted to call out now, what you just said, is that he said, "Only our customers have the data, "the desire, and the domain knowledge "to make the most out of it." So it's a really interesting recognition that yes, you want customers to have this configuration option. But we keep hearing more and more, it's config, not-- >> Both: Customization. >> For upgrades and all these other things, which now when you go to a cloud-based application, that becomes significant. You don't want customizations, 'cause that's just complicates everything. >> You can't. I don't know if he said this today. I guess he must have said it today. But basically, when you're in the cloud, I forgot the terminology for the different instances. But when you're in, like, the SAP cloud, you can only configure. There's essentially a set of greater constraints on you. When you go to the other end of the spectrum, let's say you run it in your own data center, you can customize it. But when you're running it, essentially sharing the infrastructure, you're constrained. You're much more constrained. And they build it for that environment first. >> Right. But at the same time, they've got the data. Again, this has come up with other SAS companies that we've talked to, is hopefully, their out of the box business process covers 90% of the basics. I think there's been a realization on the business analyst side that we think we're special, but really most of the time, order to cash is order to cash. So if you got to tweak your own internal process to match best-of-breed, do it. You're much better off than trying to shape that computing system to fill your little corner cases. >> It's funny that you mention that, because what happened in the 90s was that by far the biggest influencers in the purchase decision and the overall lifecycle of the app were the big system integrators. They could typically collect $10 in implementation and change management fees for every dollar of license that went to the software vendors. So they had a huge incentive to tell the customer, "Well, you really should customize this "around your particular needs," because they made all the money off that. >> Right, right. Another huge theme. Again, it was such a great keynote. We watch a lot of keynotes, and I have a very high bar for what I consider a great keynote. This was a great keynote by a smart guy who knows his stuff and got history. But another theme was just really about AI. He talked a little bit, which I thought was great. Nobody talks about the fact that airplanes have been flying themselves for a very long time. So it is coming. I think he even said, maybe this is the age of AI. But there always have to be some humans involved. It's not a complete hand-over of control. But it is coming, and it's coming very, very quickly. >> I actually thought that they were a little further behind than might expected, considering that it's been years now that people in software have seen this coming. But they have in the dozens of applications or functions right now that are machine learning enabled. But if you look out at their roadmap, where they get to predictive accounting, customer behavior segmentation, profile completeness for in sales, solution recommenders, model training infrastructure for the base software foundation, they have a pretty rich roadmap. But I guess I would have thought it'd be a little farther along. But then Oracle isn't really any farther along. (mumbles) has done some work for HR. For whatever reason, I think that enterprise application vendors, I think they found this challenging for two reasons. On the technical side, machine learning is very different from the traditional analytics they did, which was really essentially OLAP, you know, business intelligence. This requires the data scientists and the white lab coats and instead of backward-looking business intelligence this forward-looking predictive analytics. The other thing is, I think you sell this stuff differently, which is, when it was business intelligence, you're basically selling reporting on what happened to department heads or function leaders, whereas when you're selling predictive capabilities, it's a little more transformative and you're not selling efficiency, which is what these applications have always, that's been their value preposition. You're selling transformational outcomes, which is a different sort of selling motion. >> It's funny, I heard a funny quote the other day. We used to look backwards for the sample of the data. (laughs thinly) Now we're in real time with-- >> Both: All the data. >> Very different situation-- >> And forward-looking. >> And forward-looking as well, with the predictive. >> That's a great quote, yeah. >> Again, he touched on so many things. But one of the things he brought up is Tesla. He actually said he has two Teslas, or he has a second Tesla. And there was question and answer afterwards really about the Tesla, not as the technology platform. And he poked fun at Germans. He said Germans have problems with simplicity. He referenced, I presume, a Mercedes or a Porsche, you know, the perfectly ergonomically placed buttons and switches. He goes, "You sit in a Tesla "and it just all comes up on the touch screen. "And if you want to do an update overnight, "they update your software, "and now you have the newer version of the car," versus the Mercedes, where it takes 'em three years to redesign the buttons and switches. I thought that was interesting. Then one of the Q&A people said, "But what about the buying experience? "If you (mumbles) ever bought a Tesla, "it's a very different experience "than buying a car." How does that really apply to selling software? It was pretty interesting. He said we're not there yet. But he has clearly grasped on, it's a new world and it's a new way to interact with the customers, kind of like his no manuals comment, that Tesla is defining a new way to buy a car, experience a car, upgrade a car. >> Operate it. >> At the same time, he got the crazy mode, fanatical mode, like, ludicrous mode, so that he could stop and tell the Porsche guys that you're falling behind further every single day. So I thought, really interesting, bringing that kind of consumer play and kind of a cutting edge automotive example into what was historically pretty stodgy enterprise software space. >> You know, it's funny, I listened when you're saying that. That was almost like the day one objective from SalesForce, which was, we want an enterprise app like Sebol, but we want an eBay-like, or Yahoo-like experience. And that did change the experience for buying it and for operating it. I think that was almost 20 years ago, where that was Marc Benioff's objective and he's saying it's easier to do that for CRM, but it's now time to bring that to ERP. >> The other thing he brought in which I was happy, being a Bay Area resident, is the Sharks. Because he's a part owner of San Josey Sharks, obviously it's SAP Center now, also known as the Shark Tank. It used to be owned by another technology company. But he made just a funny thing. "I like hockey, so I should like SAP," and he was talking about the analysis of how often the logos come up on the telecast et cetera. But the thing that struck me is, he said the analysis is actually now faster than the game. Pretty interesting way to think about this data in flow, in that the analysis coming out of the game that feeds Vegas, it feeds all these stat lines, it feeds fantasy, it feeds all this stuff, it feeds the advertising purchase and the ROI on my logo, is it in the corner, is it on the ice, is it in the middle, is actually moving faster than the hockey game. And hockey is a pretty fast game. Very different world in which we live, even on the mar-tech side. >> That was an example of one of the machine learning-type apps, because I think in their case, they were using, I think, Google image recognition technology to parse out essentially all the logos and see what type of impact your brand made relative to your purchase. >> I mean, I could go on and on. I've so many notes. Again, I live tweeted a lot of it, you know, he's just such a humble guy. He's a smart guy. He comes at it with a technology background, but he said we're a little bit slower than we'd like, he talked about some things taking longer than he thought they would. But he also now sees around the corner, that we are very quickly going to be in this age of infinite compute, and we are already in an age of, no one's reading manuals. Just seemed very kind of customer-centric, we're no longer the super-smart Germans that, "We'll do it our way or the highway, "and you will adapt your process to us," but really customer-centric point of view, design thinking, talked about sharing their roadmap as far out in advance as possible. I think he specifically, when he got questioned on design thinking, he's, like, "You know, the studies show that a collaborative effort "yields better results. "It's no longer, 'We're the smartest guy in the room "'and we're going to do it this way "'and you're going to adapt.'" So really progressive. >> And he talked about, with Concur, he said their UI is so easy that you really don't need a manual. In fact, if you do, you failed. And I think what he's trying to say is, we're going to take that iterative prototyping capability agile development and extend it to the rest of the ERP family. With their Fiori UI and the tools that build those screens that it'll make that possible. >> You've handled CAP. We don't spend enough investment on design in UI, 'cause it is such an important piece of the puzzle. But George, we're running out of time here. I want to give you the last word. You've been paying attention to SAP for a very long time. Hasso's terrific, but then Hasso gets off the stage and he said, "I don't run the company any more. "I only make recommendations." As you look at SAP, and Bill McDermott was yesterday, are they changing? Are they just stuck in an innovator's dilemma because they just make so much money on their historical business? Or are they really changing? What's your take as they develop, where they are now, and what do you see going forward for SAP? >> Well it's a really good question. I would say, I look at the value of the business processes that they are either augmenting or automating. I hesitate to say automate because, as he said, you still want the pilot in the cockpit. >> Jeff: In proximity to take control. >> Right. And he was, like, "Look, when we do the invoice matching, "it's not like we're going to get 100% right. "We're going to get it," I think he was saying, like, in the labs right now it's, like, 94% right. So we're going to make you more productive, we're not going to eliminate that job. But when you're doing invoice matching, that's not a super high value business process. If you're doing something where you're predicting churn and making a next best offer to a customer, that's a higher value process. Or if you have a multi-touchpoint commerce solution where you can track the customer, whether it's mobile, whether he's coming via chat, whether he's in the store, and you're able to see his history or her history and what's most appropriate given their context at any one moment, that's higher value. And then it's super high value to be able to take that back upstream towards, "Okay, here's where the inventory is. "I have some in this store. "I can't fulfill that clothing item directly from the store, "but I can fulfill it from this one," or, "I have it in another warehouse," when you have that level of awareness and integration, that's high value. >> Yeah, but I want to push back a little bit on you, George, 'cause I do think the invoice ma-, if he can automatically match 94% of the invoices, that is tremendous value. I just think it's so creative when you apply this machine learning to tasks that feel relatively mundane. But if you're speeding your cash flow along, if you get 94% of your invoices done one day faster and you're a multimillion dollar business, what is the direct dollar impact on the bottom line, like, immediately? It's huge. And then you can iterate and move into other processes. I think what's termed a low value transaction is actually a lot higher value than people give it credit. It's just like again, another one we hear about all the time, automation of password reset. Some of these service desks, password reset, I heard a stat, and one of them was 70% of the calls are password reset. So if you could automate password reset, sounds kind of silly and mundane, oh my gosh, it's like 70% of your calls. It's humongous. >> I hear what you're saying. Let me give you another counter example, which was, I think he brought this up. I don't know if it was today or when Michael Dell spoke, which was that Dell's revolution wasn't that they were more efficient than doing what Compaq did. It's that they had a different business model, which was specifically, they got paid before they even procured or assembled the components. >> Or paid for them, right? >> George: Yes, yes. >> They had no inventory carry costs. >> In fact, that meant their working capital, their working capital needs were negative. In fact, the bigger they got, the more money they collected before they had to spend it. That's a different business model. That wasn't automating the invoice matching. That was, we have such good systems that we don't even have to pay for them and then assemble the stuff until after the customer gave us their credit card. >> Right, right, right. >> I think those are the things that new types of applications can make possible. >> Right. Well, we see it time and time again. It's all about scale, it's all about finding inefficiencies, and there's a lot more inefficiencies around than people give credit, as Uber showed with a lot of cars that sit in driveways and Amazon and the public clouds are showing with a lot of inefficient, not used utilization and private data centers. So the themes go on and on, and they're pretty universal. So, exciting keynote. Any last comment before we sign off for today? >> I guess we want to take a close look at Oracle next and see how their roadmap looks like in terms of applying these new technologies, iOT, machine learning, block chain. Because all of these can remake how you build a business. >> All right, that's George Gilbert from Wikibon. I'm Jeff Frick from the CUBE. We are covering ongoing coverage of SAP SAPPHIRE 2017. Thanks for watching, we'll be back with more after this short break. Thanks. (lively music)

>> Announcer: Live from San Jose, California, it's The Cube. Covering Big Data, Silicon Valley, 2017. (electronic music) >> Okay, welcome back everyone, live at Silicon Valley for the big The Cube coverage, I'm John Furrier, with me Wikibon analyst George Gilbert, Bruno Aziza, who's on the CMO of AtScale, Cube alumni, and Josh Klahr VP at AtScale, welcome to the Cube. >> Welcome back. >> Thank you. >> Thanks, Brian. >> Bruno, great to see you. You look great, you're smiling as always. Business is good? >> Business is great. >> Give us the update on AtScale, what's up since we last saw you in New York? >> Well, thanks for having us, first of all. And, yeah, business is great, we- I think Last time I was here on The Cube we talked about the Hadoop Maturity Survey and at the time we'd just launched the company. And, so now you look about a year out and we've grown about 10x. We have large enterprises across just about any vertical you can think of. You know, financial services, your American Express, healthcare, think about ETNA, SIGNA, GSK, retail, Home Depot, Macy's and so forth. And, we've also done a lot of work with our partner Ecosystem, so Mork's- OEM's AtScale technology which is a great way for us to get you AtScale across the US, but also internationally. And then our customers are getting recognized for the work that they are doing with AtScale. So, last year, for instance, Yellowpages got recognized by Cloudera, on their leadership award. And Macy's got a leadership award as well. So, things are going the right trajectory, and I think we're also benefitting from the fact that the industry is changing, it's maturing on the the big data side, but also there's a right definition of what business intelligence means. This idea that you can have analytics on large-scale data without having to change your visualization tools and make that work with existing stock you have in place. And, I think that's been helping us in growing- >> How did you guys do it? I mean, you know, we've talked many times in there's some secret sauce there, but, at the time when you guys were first starting it was kind of crowded field, right? >> Bruno: Yeah. >> And all these BI tools were out there, you had front end BI tools- >> Bruno: Yep. But everyone was still separate from the whole batch back end. So, what did you guys do to break out? >> So, there's two key differentiators with AtScale. The first one is we are the only platform that does not have a visualization tool. And, so people think about this as, that's a bug, that's actually a feature. Because, most enterprises have already that stuff made with traditional BI tools. And so our ability to talk to MDX and SQL types of BI tools, without any changes is a big differentiator. And then the other piece of our technology, this idea that you can get the speed, the scale and security on large data sets without having to move the data. It's a big differentiation for our enterprise to get value out of the data. They already have in Hadoop as well as non-Hadoop systems, which we cover. >> Josh, you're the VP of products, you have the roadmaps, give us a peek into what's happening with the current product. And, where's the work areas? Where are you guys going? What's the to-do list, what's the check box, and what's the innovation coming around the corner? >> Yeah, I think, to follow up on what Bruno said about how we hit the sweet spot. I think- we made a strategic choice, which is we don't want to be in the business of trying to be Tableu or Excel or be a better front end. And there's so much diversity on the back end if you look at the ecosystem right now, whether it's Spark Sequel, or Hive, or Presto, or even new cloud based systems, the sweet spot is really how do you fit into those ecosystems and support the right level of BI on top of those applications. So, what we're looking at, from a road map perspective is how do we expand and support the back end data platforms that customers are asking about? I think we saw a big white space in BI on Hadoop in particular. And that's- I'd say, we've nailed it over the past year and a half. But, we see customers now that are asking us about Google Big Query. They're asking us about Athena. I think these server-less data platforms are really, really compelling. They're going to take a while to get adoption. So, that's a big investment area for us. And then, in terms of supporting BI front ends, we're kind of doubling down on making sure our Tableau integration is great, Power BI is I think getting really big traction. >> Well, two great products, you've got Microsoft and Tableau, leaders in that area. >> The self-service BI revolution has, I would say, has won. And the business user wants their tool of choice. Where we come in is the folks responsible for data platforms on the back end, they want some level of control and consistency and so they're trying to figure out, where do you draw the line? Where do you provide standards? Where do you provide governance, and where do you let the business lose? >> All right, so, Bruno and Josh, I want you to answer the questions, be a good quiz. So, define next generation BI platforms from a functional standpoint and then under the hood. >> Yeah, there's a few things you can look at. I think if you were at the Gartner BI conference last week you saw that there was 24 vendors in the magic quadrant and I think in general people are now realizing that this is a space that is extremely crowded and it's also sitting on technology that was built 20 years ago. Now, when you talk to enterprises like the ones we work with, like, as I named earlier, you realize that they all have multiple BI tools. So, the visualization war, if you will, kind of has been set up and almost won by Microsoft and Tableau at this point. And, the average enterprise is 15 different BI tools. So, clearly, if you're trying to innovate on the visualization side, I would say you're going to have a very hard time. So, you're dealing with that level of complexity. And then, at the back end standpoint, you're now having to deal with database from the past - that's the Teradata of this world - data sources from today - Hadoop - and data sources from the future, like Google Big Query. And, so, I think the CIO answer of what is the next gen BI platform I want is something that is enabling me to simplify this very complex world. I have lots of BI tools, lots of data, how can I standardize in the middle in order to provide security, provide scale, provide speed to my business users and, you know, that's really radically going to change the space, I think. If you're trying to sell a full stack that's integrated from the bottom all the way to visualization, I don't think that's what enterprises want anymore >> Josh, under the hood, what's the next generation- you know, key leverage for the tech, and, just the enabler. >> Yeah, so, for me the end state for the next generation GI platform is a user can log in, they can point to their data, wherever that data is, it's on Prime, it's in the cloud, it's in a relational database, it's a flat file, they can design their business model. We spend a lot of time making sure we can support the creation of business models, what are the key metrics, what are the hierarchies, what are the measures, it may sound like I'm talking about OLAP. You know, that's what our history is steeped in. >> Well, faster data is coming, that's- streaming and data is coming together. >> So, I should be able to just point at those data sets and turn around and be able to analyze it immediately. On the back end that means we need to have pretty robust modeling capabilities. So that you can define those complex metrics, so you can functionally do what are traditional business analytics, period over period comparisons, rolling averages, navigate up and down business hierarchies. The optimizations should be built in. It shouldn't be the responsibility of the designer to figure out, do I need to create indeces, do I need to create aggregates, do I need to create summarization? That should all be handled for you automatically. Shouldn't think about data movement. And so that's really what we've built in from an AtScale perspective on the back end. Point to data, we're smart about creating optimal data structure so you get fast performance. And then, you should be able to connect whatever BI tool you want. You should be able to connect Excel, we can talk the MDX Query language. We can talk Sequel, we can talk Dax, whatever language you want to talk. >> So, take the syntax out of the hands of the user. >> Yeah. >> Yeah. >> And getting in the weeds on that stuff. Make it easier for them- >> Exactly. >> And the key word I think, for the future of BI is open, right? We've been buying tools over the last- >> What do you mean by that, explain. >> Open means that you can choose whatever BI tool you want, and you can choose whatever data you want. And, as a business user there's no real compromise. But, because you're getting an open platform it doesn't mean that you have to trade off complexity. I think some of the stuff that Josh was talking about, period analysis, the type of multidimensional analysis that you need, calendar analysis, historical data, that's still going to be needed, but you're going to need to provide this in a world where the business, user, and IT organization expects that the tools they buy are going to be open to the rest of the ecosystem, and that's new, I think. >> George, you want to get a question in, edgewise? Come on. (group laughs) >> You know, I've been sort of a single-issue candidate, I guess, this week on machine learning and how it's sort of touching all the different sectors. And, I'm wondering, are you- how do you see yourselves as part of a broader pipeline of different users adding different types of value to data? >> I think maybe on the machine learning topic there is a few different ways to look at it. The first is we do use machine learning in our own product. I talked about this concept of auto-optimization. One of the things that AtScale does is it looks at end-user query patterns. And we look at those query patterns and try to figure out how can we be smart about anticipating the next thing they're going to ask so we can pre-index, or pre-materialize that data? So, there's machine learning in the context of making AtScale a better product. >> Reusing things that are already done, that's been the whole machine-learning- >> Yes. >> Demos, we saw Google Next with the video editing and the video recognition stuff, that's been- >> Exactly. >> Huge part of it. >> You've got users giving you signals, take that information and be smart with it. I think, in terms of the customer work flow - Comcast, for example, a customer of ours - we are in a data discovery phase, there's a data science group that looks at all of their set top box data, and they're trying to discover programming patterns. Who uses the Yankees' network for example? And where they use AtScale is what I would call a descriptive element, where they're trying to figure out what are the key measures and trends, and what are the attributes that contribute to that. And then they'll go in and they'll use machine learning tools on top of that same data set to come up with predictive algorithms. >> So, just to be clear there, they're hypotehsizing about, like, say, either the pattern of users that might be- have an affinity for a certain channel or channels, or they're looking for pathways. >> Yes. And I'd say our role in that right now is a descriptive role. We're supporting the descriptive element of that analytics life cycle. I think over time our customers are going to push us to build in more of our own capabilities, when it comes to, okay, I discovered something descriptive, can you come up with a model that helps me predict it the next time around? Honestly, right now people want BI. People want very traditional BI on the next generation data platform. >> Just, continuing on that theme, leaving machine learning aside, I guess, as I understand it, when we talked about the old school vendors, Care Data, when they wanted to support data scientists they grafted on some machine learning, like a parallel version of our- in the core Teradata engine. They also bought Astro Data, which was, you know, for a different audience. So, I guess, my question is, will we see from you, ultimately, a separate product line to support a new class of users? Or, are you thinking about new functionality that gets integrated into the core product. I think it's more of the latter. So, the way that we view it- and this is really looking at, like I said, what people are asking for today is, kind of, the basic, traditional BI. What we're building is essentially a business model. So, when someone uses AtScale, they're designing and they're telling us, they're asserting, these are the things I'm interested in measuring, and these are the attributes that I think might contribute to it. And, so that puts us in a pretty good position to start using, whether it's Spark on the back end, or built in machine learning algorithms on the Hadoop cluster, let's start using our knowledge of that business model to help make predictions on behalf of the customer. So, just a follow-up, and this really leaves out the machine learning part, which is, it sounds like, we went- in terms of big data we we first to archive it- supported more data retension than could do affordably with the data warehouse. Then we did the ETL offload, now we're doing more and more of the visualization, the ad-hoc stuff. >> That's exactly right. So, what- in a couple years time, what remains in the classic data warehouse, and what's in the Hadoop category? >> Well, so there is, I think what you're describing is the pure evolution, of, you know, any technology where you start with the infrastructure, you know, we've been in this for over ten years, now, you've got cloud. They are going APO and then going into the data science workbench. >> That's not official yet. >> I think we read about this, or at least they filed. But I think the direction is showing- now people are relying on the platform, the Hadoop platform, in order to build applications on top of it. And, so, I think, just like Josh is saying, the mainstream application on top of the database - and I think this is true for non-Hadoop systems as well - is always going to be analytics. Of course, data science is something that provides a lot of value, but it typically provides a lot of value to a few set of people that will then scale it out to the rest of their organization. I think if you now project out to what does this mean for the CIO and their environment, I don't think any of these platforms, Teradata or Hadoop, or Google, or Amazon or any of those, I don't think do 100% replace. And, I think that's where it becomes interesting, because you're now having to deal with a hetergeneous environment, where the business user is up, they're using Excel, they're using they're standard net application, they might be using the result of machine learning models, but they're also having to deal with the heterogeneous environment at the data level. Hadoop on Prime, Hadoop in the cloud, non-Hadoop in the cloud and non-Hadoop on Prime. And, of course that's a market that I think is very interesting for us as a simplification platform for that world. >> I think you guys are really thinking about it in a new way, and I think that's kind of a great, modern approach, let the freedom- and by the way, quick question on the Microsoft tool and Tableau, what percentage share do you think they are of the market? 50? Because you mentioned those are the two top ones. >> Are they? >> Yeah, I mentioned them, because if you look at the magic quadrant, clearly Microsoft, Power BI and Tableau have really shot up all the way to the right. >> Because it's easy to use, and it's easy to work with data. >> I think so, I think- look, from a functionality standpoint, you see Tableau's done a very good job on the visualization side. I think, from a business standpoint, and a business model execution, and I can talk from my days at Microsoft, it's a very great distribution model to get thousands and thousands of users to use power BI. Now, the guys that we didn't talk about on the last magic quadrant. People who are like Google Data Studio, or Amazon Quicksite, and I think that will change the ecosystem as well. Which, again, is great news for AtScale. >> More muscle coming in. >> That's right. >> For you guys, just more rising tide floats all boats. >> That's right. >> So, you guys are powering it. >> That's right. >> Modern BI would be safe to say? >> That's the idea. The idea is that the visualization is basically commoditized at this point. And what business users want and what enterprise leaders want is the ability to provide freedom and openness to their business users and never have to compromise security, speed and also the complexity of those models, which is what we- we're in the business of. >> Get people working, get people productive faster. >> In whatever tool they want. >> All right, Bruno. Thanks so much. Thanks for coming on. AtScale. Modern BI here in The Cube. Breaking it down. This is The Cube covering bid data SV strata Hadoop. Back with more coverage after this short break. (electronic music)

(upbeat music) >> From Phoenix, Arizona, the CUBE, at Catalyst Conference. Here's your host, Jeff Frick. >> Hey welcome back everybody. Jeff Frick here with the CUBE. We're in Phoenix, Arizona at the Girls in Tech Catalyst Conference. There's a lot of catalyst conference, but there's only one Girls in Tech Catalyst Conference. It's their fourth year, about 400 people they're going to be back in San Francisco next year. Wanted to come down and see what's going on. And we're really excited with our next guest. Actually part of my prep, I went and watched our last interview and we knocked it out of the park, I have to say. Jennifer Tejada, former President and the CEO of Keynote. Welcome back. >> Thank you, thanks so much for having me. It's great to see you again. >> Absolutely, so just to set the record straight, 'cause there's little bits on the internet, you're no longer the CEO of Keynote. >> I am no longer the CEO of Keynote. Keynote was acquired by a company called Compuware. It was merged with a business within Compuware called Dynatrace. Following that integration last year, I stepped out of the business and have been spending my time making some investments, pursuing the growth arena in Tech, and also spending a lot of time on boards and helping other women establish themselves in the community of boards and the technology industry. >> Okay, so if they weren't ringing off the hook already, now your phones will begin to ring off the hook. >> (laughs) >> You couldn't get a better CEO than Jennifer. >> Oh, thank you. >> But let's jump in. So you've been spending your time too, helping at conferences like this. So you had a session here. >> Yeah, I'm speaking today about operations. >> That's right, coming up. >> My presentation's called "Ops Chops". It's a subject that's very dear to my heart because of the pragmatism of operations, and how underrepresented I think it is at conferences like this. You know, we've seen many inspiring speakers in the last two days, talking about their paths to success, and to leadership, and giving the women in the room a lot of great advice on how to manage everything, from your career development, to work-life balance, to conflict, to challenges, how to really navigate the tech industry. Which, you know if someone could send me the book on that, that would be great. But no-one's really talking about, I think, where the rubber meets the road, which is operations. I believe operations is the bridge between strategy and the execution of great results. And there's a lot of math in operations. In the tech industry right now, we're hearing a lot of storytelling, and narratives about great new companies, new products, and the vision for how we're going to change the world, et cetera. But at the end of the day, if you want to be successful, you have to set goals that are helpfully aspirational, but realistic, and then you've got to nail your delivery. Because if you miss a beat, you don't have a lot of time to make up for that miss. And you've got investors, you've got shareholders, you have employees that expect you to deliver. And so operations I think is a great mix between art and science. The math of really measuring your business, the rigor of measuring your progress, really understanding the underlying financial drivers in your business, and then orienting your culture, and your people around the best possible execution that gives your strategy the most potential to be successful >> Right, and ops kind of gets a bad rap all the time. Everyone's talking about strategy and strategy, and we're all about strategy. At the end of the day, strategy with no execution, it's just a nice PowerPoint slide, right? But it's not like you on this. >> Exactly, exactly. And I think, you know I've been around for a little while. I've seen the market cycles in the technology industry. And we're certainly seeing a connection now. And a lot of businesses that marked themselves and measured themselves on how much money they've raised, or how much money they've spent, are now trying to figure out how to generate cash flow, and how to survive over a longer period of time if the market does soften. So I have a lot of respect for people who know how to generate cash flow, and deliver results, and deliver revenue, and measure their business on the basis of growth. Customers that vote with their dollars, right? >> Right. >> And so, yeah, I think operations, it's the unsung hero. When it comes to business outcomes. And so we're going to spend some time today talking about what I think is the quiet achiever in leadership. >> The other thing that's kind of interesting, cause we've got all these big data shows, right? Big data, cloud, probably two of the biggest topics right now, internet of things, of course being right there. But this kind of nirvana picture that gets painted, where there's going to be all this automation, and I'm just going to throw it in a big Hadoop cluster, and voila, everything happens. >> Boom, I'll have the answer. >> It doesn't really work that way. >> Not yet. I do think that machine learning, and artificial intelligence is progressing rapidly. And I think we're moving away from the automation of process to the automation of getting to the answer. I think analytics without action, though, leaves you kind of empty-handed. >> Right >> Like, so great, I have a lot of information, I have all this big data. I need the small data. I need data in the context of problems that I'm trying to solve. Whether, I'm thinking about it from consumer perspective, or a business perspective. So I see a real convergence between analytics and applications coming. You know, I think LifeLock has a funny commercial where they talk about alerting. And you know, don't just point to the fire. Like help me put the fire out. Help me figure out how the thing caught fire. And I think that's where machine learning and artificial intelligence can be super helpful. I also think that we're a long way away from really being able to leverage the true power of all this data. If you think about digital health, for example, and all the proprietary data stacks, that are being built through your FitBit, or your iPhone. You know, the way we're sensoring our personal health and fitness. But where's all that data going? Is it really contributing to research to solve, you know, health epidemics, right? No, because those stacks are all proprietary. No one wants to share them. >> Right >> So we need to get to a universal language, or a universal technology platform, that enables the researchers of the world to get a hold of that data, and do something super meaningful with it. So I think with progress, you'll also create open-ended questions. >> Absolutely >> And I think it's all positive. But I think we still have a long way to go, to see that big data environment really deliver great results. >> Right. So let's shift gears a little bit to leadership. >> Yeah. >> Another kind of softer topic. Not a big data topic. And when we talked last time, you came from Procter & Gamble When I graduated from undergrad, one of the great training programs was the Macy training program. May Company had one. So there were kind of these established things. IBM was always famous for their kind of training. It's a process where you went into a program, and it was kind of like extended school, just in a business context. You don't see that as much any more. Those programs aren't as plentiful. And so many people with the startup bug, so you see like in Iberia, they jump right in. I think you're mentioning off-air, one of the companies you're involved with, the guy's never had another job. So how do you see that kind of playing out? Kind of the lack of these kind of formal leadership opportunities, and what's that going to look like down the road. As the people who haven't had the benefit of this kind of training, or maybe it wasn't a benefit, get into these more senior positions. >> For sure. Look, leadership development is a topic that is of real interest to me. I was so fortunate and am so grateful for the opportunity that I had at Proctor & Gamble. I spent nearly six years there. And a big chunk of my time was spent in a leadership rotation program. Where you got to participate in a number of different projects and jobs, but you had mentorship, structured training and education, around what it takes to be, not just a good manager, but an effective leader. How you build a culture. How you engender people's commitments and dedication. How you really make the best of the resources that you have. How you manage your management. Whether that's board, or that's a CEO, or that's your shareholders. How you think about those things. And really tactically, what works and what doesn't. And being surrounded by people who are experts in their field. That was a long time ago, Jeff. And I don't see as many companies in the tech industry investing in that kind of leadership. And for kids coming out of college today, they're not rolling into structured leadership training programs. And so if you fast forward 20 years, what does that mean for the boards of the future? What does that mean for the Global 1000, and how those businesses are run? The good news is there's technology, there are plenty of amazing, inspirational founders out there, that have figured out how to build businesses on their own. And there's plenty of people like me, who actually want to mentor and help to build out the skill sets of these founders and these executives. But I do think that like many other areas of training and education which have been democratized in the industry, there's an opportunity to democratize leadership development and leadership training. And so that's something I'm spending a little bit of time on now. >> Good. And one of the great points you talked about. Again, go back and look at the other interview. Just Google Jennifer Tejada the Cube. Was really about as a leader, how you worked with exchanging value with your employees, right? And to quote you, you know, they're doing things that, they're not doing things that they might rather be doing. Spending time with their family on vacation, et cetera. And how you manage that as a leader of the company, to make them happy that they're there working, and to give them a meaningful place to be. And to spend that time that they're not spending on things that they might like more. >> I think culture is so important to the success of a business. You know, there are some investors that think culture is like an afterthought. It's one of those soft topics that they really don't need to care about. But for employees today, culture is everything. If you are going to spend a disproportionate amount of your waking hours with a group of people, it better be on a mission that's meaningful to you. And you'd better be working alongside of people that you think you can learn from, that inspire you, that stretch you to do more than you thought you could do. And so for me, it's about creating a culture of innovation, of performance, of collaboration. A real orientation around goals that everybody in the organization understands. In a way that is meaningful to them, within their role in the business. And that it's fun. Like, I won't do anything if it's not fun. I don't want to work with people who aren't fun. I was really excited. Two of the women who were on my leadership team at Keynote Flew here just to join me today, and support me as I'm giving a talk. But also to go out and have a drink. Because that's what we used to do after a long day at work. >> Right, right. >> And I think you have to be able to create a fire in someone by making sure that they, that they are being stretched. That they're learning and developing in that process. That they're part of something bigger than them. And that they can look back after a week, after a month, after a year in that business with you, and realize that they made an impact. That they made a difference. But that they also gained something from it, too. And I don't think we can ever underestimate the value of recognition, right? Not just money, but are you really recognizing someone for their commitment. For their emotional commitment to the business. For the time that they're spending and for what they've delivered for you, for the business, for your shareholder, for your customers. >> Jennifer, I could go with you all day long. >> (laughs) >> I'm going to get to one more before I let you go. Cause we're out of time, unfortunately. But you're now on some boards. There's a lot of talk. It feels like kind of the last plateau. Not that we've conquered the other ones. Because the last plateau is to get more women on boards. And we hear it's a matching problem, it's not so much of a pipeline problem. From your perspective, what can you advise? How can you help either people looking for qualified women, such as yourself, to be on boards. For qualified women who want to get on boards, to find them? >> That's a great question. I am very fortunate that there are people within my network that have spent time working with me, and can identify pieces of my experience that they think could be useful within their investment portfolio or within their companies. I'm part of a board called Puppet. It's an infrastructure software company based out of Portland. Super talented founder and team. Fast growing business in a really important space, software automation. Great board. I mean, I joined that board because every single person on the board, to a fault, is an amazing, accomplished executive, in and of themselves. Whether they're an investor, or a career CFO, or a career sales leader from the big technology side of the industry. So for me, it's such a great opportunity to collaborate with those people, and also take my experience, and lend what I know, and the pattern recognition that I have from running businesses, to loop the founder into his team. But I tell you, I wish that, and I hope that, the market starts to really think about diversity at the board level from a longer-term perspective. It's not just about how you find the women now. And by the way, there aren't that many female CEOs. But those of us who have sort of ticked that box and had that experience, we are available. And there are places where it's easy to find us. The Boardlist, for instance, is one of them. The Athena Alliance. Coco, the founder of that business is here. Women in Tech. I mean, it's out there. It's not that hard to find us. The challenge, I think, is the depth, the bench strength. Like who are the next female leaders that are coming up? That have functional expertise. You may need someone who's a marketing expert. You may need someone who's a product expert. You may need somebody who functionally knows consumer software, right? And it's really being willing, as a recruiter, as a recruiting executive, as a board member on the governance and nomination committee to say to your recruiters, to say to your investors, we want women on the short list. Or we want diversity on the short list. Like gender diversity, age diversity, racial diversity. A diverse board makes better decisions, full stop. Delivers better results. And I think we have to be demanding about that effort. We have to, the recruiting industry needs to hear that over and over again. And then on the flip side, we've got to develop these women. Help them build the skills. I mean, when I talk to women who want to be on boards, I say tell everybody, you want to be on a board. Be specific about the help that you need, right? Find the people that are connected in that network. Because once you're on one board, you meet board members there, they're on other boards. It does snowball. And in fact then you have to really choose the board wisely. Because it's not a two year commitment. You're in it for the long haul. So when you make that decision to choose a board, make sure it's a business that you have a real affinity to. That these are people that you want to spend time with over several years, right? And that you're willing to see that business through thick and thin. You don't get to leave the board if things go badly. That's when they need you the most. >> Right. >> So my hope is that we become much more open minded and demanding about diversity at the board level. And equally that we invest in developing women, men, people of different ages and bringing them to the board level. You don't have to be a CEO to be an effective board member, either. If you have functional, visional, regional expertise, that is a fit to that business, then you're going to be a very effective board member. >> All right, Jennifer, we have to let you go unfortunately. Thank you so much for stopping by and sharing your insight. No longer keynote, so now we can just use all our tags. Great Cube alumni, and tech athlete. So again, thanks for stopping by. >> Awesome, thank you so much for having me. >> Absolutely. Jennifer Tejada, I'm Jeff Frick. We are in Phoenix, Arizona at the Girls in Tech Catalyst Conference. Thanks for watching, we'll be right back. (upbeat music)